VYPR
Vypr IntelligenceAI-generatedJun 24, 2026· 5 CVEs

Unclecode Crawl4AI: Five CVEs Disclosed Together Reveal Auth Bypass, SSRF, and XSS Flaws

Five critical vulnerabilities, including authentication bypass and SSRF, were disclosed in Unclecode's Crawl4AI, impacting versions prior to 0.8.7 and 0.8.8.

Key findings

  • Five vulnerabilities disclosed in Unclecode's Crawl4AI between June 21-24, 2026.
  • Multiple authentication bypass flaws including hardcoded JWT keys and unauthenticated monitor endpoints.
  • Server-Side Request Forgery (SSRF) allows access to internal services via crafted crawl requests.
  • Stored XSS in the monitor dashboard and arbitrary file write via symlink TOCTOU attacks.
  • Affected versions are prior to 0.8.7 and 0.8.8; patching is strongly recommended.

On June 21-24, 2026, a batch of five vulnerabilities was disclosed in Unclecode's Crawl4AI product, affecting versions prior to 0.8.7 and 0.8.8. These vulnerabilities, detailed by various security researchers, expose Crawl4AI instances to unauthenticated access, data manipulation, and potential system compromise. The disclosures highlight critical security weaknesses including authentication bypass, arbitrary file writes, stored cross-site scripting, and server-side request forgery.

Several vulnerabilities center on authentication bypass. CVE-2026-56265, disclosed on June 21, points to a hardcoded JWT signing key in the Docker API server, allowing attackers to forge authentication tokens and gain full access. Similarly, CVE-2026-56262, disclosed on June 24, reveals an unauthenticated access flaw in the monitor router endpoints, enabling destructive operations via the /monitor/actions/cleanup endpoint.

Further compromising security, CVE-2026-56266, published on June 22, details a server-side request forgery (SSRF) vulnerability in several direct crawl endpoints (/crawl, /crawl/stream, /md, and /llm). This flaw allows unauthenticated attackers to fetch arbitrary user-supplied URLs, potentially bypassing internal-address blocklists and accessing internal services.

The batch also includes a stored cross-site scripting (XSS) vulnerability, CVE-2026-56263, disclosed on June 23. This flaw exists in the monitor dashboard, where crawl URLs and error messages are rendered without proper escaping, allowing attackers to inject malicious markup that executes in an operator's browser. Additionally, CVE-2026-56258, also disclosed on June 23, describes an arbitrary file write vulnerability in the screenshot and PDF endpoints. Exploiting a time-of-check-time-of-use (TOCTOU) race condition with symlinks on the output_path parameter, unauthenticated attackers can write files outside the intended directory.

The affected versions are explicitly stated as prior to 0.8.7 for most vulnerabilities, with CVE-2026-56258 affecting versions prior to 0.8.8. Users are strongly advised to update to patched versions to mitigate these risks. The coordinated disclosure of these vulnerabilities underscores the importance of timely patching and security reviews for AI-powered tools like Crawl4AI, especially given their potential to interact with sensitive system endpoints and data.

The range of vulnerabilities, from authentication bypass to SSRF and XSS, presents a multifaceted attack surface for Crawl4AI deployments. The ability for unauthenticated attackers to perform destructive actions, access internal services, or execute arbitrary code necessitates immediate attention from system administrators. Staying updated with the latest patches and security advisories from Unclecode is crucial for maintaining the integrity and security of systems utilizing Crawl4AI.

AI-written article. Grounded in 5 CVE records listed below.