Live Exposure Defense: From CVE to Confirmed Exposure in 12 Hours – See more

New CVE Detected

CVE-2026-57573 – Unauthenticated SSRF – Crawl4AI Docker API Server prior to 0.9.0

Be the first to know when new zero-days emerge:

Summary

CVE-2026-57573 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in the Crawl4AI Docker API server, affecting all versions prior to 0.9.0. A remote unauthenticated attacker can exploit the streaming crawl endpoint to force the server to fetch arbitrary internal, private, or link-local URLs and stream the response body back — with no authentication or user interaction required. The vulnerability is rated CVSS 8.6 (HIGH) with Scope Changed and Confidentiality High.

Technical details

  • Root cause: The handle_stream_crawl_request function passed seed URLs directly to the crawler without invoking the validate_url_destination check that was applied to the non-streaming /crawl endpoint, leaving the streaming path entirely unprotected against SSRF destinations.
  • Trigger conditions: An unauthenticated remote client sends a single HTTP POST to POST /crawl/stream, or to POST /crawl with crawler_config.stream=true, supplying an internal, private, or link-local address (e.g. 169.254.169.254) as the target URL.
  • Attack vector: Network-accessible with no authentication required; the Docker API server runs without authentication by default on all versions prior to 0.9.0, and no user interaction is needed.
  • Impact: The server fetches the attacker-supplied URL and streams the full response body back to the caller. This enables unauthorised access to cloud instance metadata endpoints, internal services, and other link-local or RFC-1918 resources beyond the application’s own security boundary — facilitating credential theft, internal network reconnaissance, and lateral movement.

Affected software

  • Crawl4AI Docker API server, all versions prior to 0.9.0 (≤ 0.8.9)

Severity

  • CVSS v3.1 Base Score: 8.6 (HIGH)
  • Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Mitigation and recommended actions

  • Immediate: Upgrade Crawl4AI to version 0.9.0 or later. Version 0.9.0 closes the missing destination-validation gap on the streaming path and additionally enables API authentication by default.
  • If immediate patching is not possible: Restrict network-level access to the Crawl4AI Docker API port via firewall rules so only trusted hosts can reach the service. Apply egress firewall controls on the container to block outbound connections to private (RFC-1918), link-local (169.254.0.0/16), and loopback address ranges.

IONIX Status

The IONIX research team is tracking ongoing exploitation attempts and recommends immediate patching. Potentially affected assets are outlined in this post.

References

Are you exposed?

Get a free report of your organization’s exposure to this CVE and threat

How IONIX’s External Exposure Management Platform Detects and Validates
Zero-Days to Shrink MTTR

1

Map your entire attack surface (continously)

IONIX uses multi-factor discovery methods, including DNS analysis, certificate mapping, metadata inspection, and more, to automatically map every internet-facing asset across your environment. This includes cloud instances, third-party platforms, shadow IT, and even forgotten infrastructure that traditional tools miss.

2

Monitor for new CVEs

Dozens of threat intel feeds using agentic technology are continuously analyzed to detect the appearance of proof-of-concept code, exploit kits, and indicators of active targeting. IONIX goes further by applying AI to proactively evaluate whether emerging vulnerabilities are likely to be exploited, even before PoCs go public.

3

Identify Potential External Exposures

Not all CVEs matter. IONIX filters vulnerabilities by asking attacker-centric questions: Can it be reached from the internet? Does it require authentication? Is it being exploited in the wild? This dramatically reduces noise and focuses teams on threats that can actually be weaponized.

4

Create Safe, Scalable Exploit Validations

IONIX transforms real-world PoCs into safe, non-intrusive test payloads that can be run in production environments without disruption. These simulations are precisely targeted to the systems that are vulnerable, ensuring rapid validation without unnecessary load.

5

Execute Exploit Validations

By combining context about software stack, versioning, exposure status, and reachability, IONIX ensures that only the right payloads are executed against the right assets, maximizing efficiency and minimizing risk.

6

Drive Fast and Actionable Remediation

Results are routed through integrations with ticketing, SOAR, and SIEM tools. Issues are written in plain language, bundled into remediation clusters, and prioritized based on asset criticality, exploitability, and blast radius. This shortens mean time to remediation (MTTR) and empowers teams to act with confidence.

Are you exposed?

Get a free report of your organization’s exposure to this CVE and threat

Subscribe to Threat Center RSS

Copy/paste the link below into your preferred RSS reader or follow these instructions to subscribe to Slack alerts.

Get Real-Time CVE Alerts to Your Email

Be the first to know when new zero-days emerge