External risk intelligence

Crawl4AI Arbitrary JavaScript Execution and SSRF Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.2)

CVE-2026-56264

The vulnerability exists in an API endpoint (/execute_js) of a server application designed for web crawling and scraping. Such services are typically deployed as network-accessible API endpoints or web services to allow external clients or other systems to trigger crawling tasks, making the API surface commonly reachable over a network.

Code Injection

Kidocode Crawl4ai

before 0.8.7

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability in Crawl4AI's Docker API server allows an attacker to execute arbitrary JavaScript. This could enable them to perform server-side request forgery against internal services by leveraging the browser's relaxed security settings. The main concern is confirming relevance and exposure.

  • Allows code execution via API.
  • Impacts systems with exposed API endpoints.
  • Confirm if this technology is in use.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending a specially crafted request to the server's Docker API, specifically targeting the `/execute_js` endpoint. Because the server executes JavaScript code with relaxed security settings, the attacker can run arbitrary JavaScript. This allows them to potentially perform actions on the server, including making requests to internal services.

  • Network access to the API.
  • Triggering the `/execute_js` endpoint.
  • Arbitrary JavaScript execution, internal requests.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to execute arbitrary JavaScript within the server's browser context when the API server's `/execute_js` endpoint is accessible. Combined with relaxed security settings, this could enable the attacker to initiate requests to internal services, potentially exposing sensitive information or disrupting service behavior.

  • Arbitrary JavaScript execution.
  • Via accessible `/execute_js` endpoint.
  • Internal service requests could occur.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Crawl4AI Docker API server, specifically versions prior to 0.8.7, has a critical vulnerability in its `/execute_js` endpoint. This vulnerability allows for arbitrary JavaScript execution, potentially enabling attackers to perform server-side request forgery against internal services due to relaxed browser security settings. Infrastructure or platform teams responsible for deploying and managing Crawl4AI should prioritize identifying all instances of this software. Once located, confirm its network reachability and business criticality to accurately assess risk and plan for remediation, which may involve vendor coordination or temporary risk reduction measures.

  • Infrastructure and platform teams own the issue.
  • Verify affected Crawl4AI deployments and reachability.
  • Plan remediation or risk reduction actions.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Crawl4AI?

Crawl4AI is an open-source tool designed to simplify web crawling and data scraping. It provides developers with an API-driven way to interact with web content. By utilizing a headless browser environment, it helps automate the process of fetching and parsing information from websites, making it a common choice for data collection projects and automated web research pipelines.

What is the vulnerability in CVE-2026-56264?

This vulnerability is classified as CWE-94, or Improper Control of Generation of Code. In simpler terms, the Crawl4AI Docker API server includes an endpoint that incorrectly permits users to submit and run arbitrary JavaScript code. Because the browser environment lacks standard security protections—specifically due to the disabled web security settings—the system essentially trusts and executes any code provided to it, creating a severe control gap.

How can an attacker trigger this bug?

An attacker triggers the vulnerability by sending a specially crafted request to the /execute_js API endpoint. This action does not require the attacker to have administrative privileges or prior system access. It is important to note that merely having the software installed is not enough; the bug only becomes actionable if the API endpoint is reachable over the network and accepts incoming requests from the attacker.

Is my system at risk?

According to Halo Surface Signal, this vulnerability is highly relevant if your Crawl4AI deployment is network-accessible. Because the service is built to be an API, it is frequently exposed to allow remote task triggering. If your instance is reachable from the internet, it faces the highest risk, as unauthorized parties could potentially use the server as a proxy to reach internal network resources that are otherwise hidden from the public.

What should I do if I run Crawl4AI?

Your first step is to locate all instances of Crawl4AI within your infrastructure to confirm which versions are in use. If you are running a version earlier than 0.8.7, you are affected. Assess the network access for these deployments to determine if they are exposed. If you cannot update immediately, consider restricting network access to the API endpoint or isolating the service to prevent it from being used as a gateway to your internal network.

References