PYSEC-2026-229
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/crawl4ai/PYSEC-2026-229.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2026-229
- Aliases
-
- CVE-2026-56262
- CVE-2026-56263
- CVE-2026-56265
- CVE-2026-56266
- GHSA-365w-hqf6-vxfg
- PYSEC-2026-230
- PYSEC-2026-239
- Published
- 2026-06-24T13:16:35.263Z
- Modified
- 2026-06-27T11:26:19.794792795Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption.
- References
Affected packages
PyPI / crawl4ai
Package
- Name
- crawl4ai
- View open source insights on deps.dev
- Purl
- pkg:pypi/crawl4ai
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.8.7
Affected versions
0.*
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.71
0.3.72
0.3.73
0.3.74
0.3.731
0.3.741
0.3.742
0.3.743
0.3.744
0.3.745
0.3.746
0.4.0
0.4.1
0.4.3b1
0.4.3b2
0.4.3b3
0.4.21
0.4.22
0.4.23
0.4.24
0.4.241
0.4.242
0.4.243
0.4.244
0.4.245
0.4.246
0.4.247
0.4.248b3
0.4.248
0.5.0
0.5.0.post1
0.5.0.post2
0.5.0.post3
0.5.0.post4
0.5.0.post5
0.5.0.post6
0.5.0.post7
0.5.0.post8
0.6.0rc1
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.8.0
0.8.5
0.8.6