PYSEC-2026-1281

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/crawl4ai/PYSEC-2026-1281.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1281
Aliases
Published
2026-07-07T16:02:51.277089Z
Modified
2026-07-07T17:47:33.652480096Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Crawl4AI SSRF vulnerability
Details

Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.

References

Affected packages

PyPI / crawl4ai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.4.247

Affected versions

0.*
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.71
0.3.72
0.3.73
0.3.74
0.3.731
0.3.741
0.3.742
0.3.743
0.3.744
0.3.745
0.3.746
0.4.0
0.4.1
0.4.3b1
0.4.3b2
0.4.3b3
0.4.21
0.4.22
0.4.23
0.4.24
0.4.241
0.4.242
0.4.243
0.4.244
0.4.245
0.4.246
0.4.247

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/crawl4ai/PYSEC-2026-1281.yaml"