Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-56261

Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal services and potentially expose cloud metadata.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 29.3%
CVSS Severity
CVSS v3 Score 8.6
Products affected by CVE-2026-56261


Contact Us

Shodan ® - All rights reserved