CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-56261

highCVSS 8.6covered by 1 sourcefirst seen 2026-07-10
Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal services and potentially expose cloud metadata.

⚡ Watch CVE-2026-56261

Get an email if CVE-2026-56261 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-56261

CVE.org record

Embed the live status

CVE-2026-56261 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-56261 status](https://www.csirts.com/badge/CVE-2026-56261)](https://www.csirts.com/cve/CVE-2026-56261)