Firecrawl

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-32857	Mendableai Firecrawl	Hig	0.56	8.6	Mar 26, 2026	Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations.…
CVE-2024-56800	Mendableai Firecrawl	Hig	0.41	7.4	Dec 30, 2024	Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to…
CVE-2025-57818	Mendableai Firecrawl	Med	0.34	6.3	Aug 26, 2025	Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send…

CVE-2026-32857HigMar 26, 2026
Mendableai
Firecrawl
risk 0.56cvss 8.6epss 0.00
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations.…
CVE-2024-56800HigDec 30, 2024
Mendableai
Firecrawl
risk 0.41cvss 7.4epss 0.00
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to…
CVE-2025-57818MedAug 26, 2025
Mendableai
Firecrawl
risk 0.34cvss 6.3epss 0.00
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send…