{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "cpe": "cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*",
            "extracted_events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "0.8.9"
              }
            ],
            "source": [
              "AFFECTED_FIELD",
              "CPE_RANGE"
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "cdf2ead7ed4b78594d06b87bae930a819c685825"
            }
          ],
          "repo": "https://github.com/unclecode/crawl4ai",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-6qhc-x826-342c"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53755.json"
  },
  "details": "Crawl4AI is an open-source LLM friendly web crawler \u0026 scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browser_config (and crawler_config). The following all feed Chromium's egress and were unchecked: browser_config.proxy_config.server, browser_config.proxy (deprecated field), crawler_config.proxy_config.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browser_config.extra_args. This vulnerability is fixed in 0.8.9.",
  "id": "CVE-2026-53755",
  "modified": "2026-07-08T05:39:20.320617947Z",
  "published": "2026-06-23T18:15:31.586Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53755.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/unclecode/crawl4ai/security/advisories/GHSA-6qhc-x826-342c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53755"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check"
}