Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browserconfig (and crawlerconfig). The following all feed Chromium's egress and were unchecked: browserconfig.proxyconfig.server, browserconfig.proxy (deprecated field), crawlerconfig.proxyconfig.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browserconfig.extra_args. This vulnerability is fixed in 0.8.9.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53755.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-918"
]
}{
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
],
"cpe": "cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.8.9"
}
]
}