logo

Critical Arbitrary File Write Vulnerability in Crawl4AI (CVE-2026-56260)

ID: 165c1366-234f-530e-93db-cd8c4a74a9bc

STIX ID: report--165c1366-234f-530e-93db-cd8c4a74a9bc

Feed Name: ThreatCluster

Threat Score
75/100

Date Published: 2026-07-12

Date Updated: 2026-07-13

...
...

**CVE-2026-56260 — Crawl4AI arbitrary file write (critical, CVSS 9.1):** An unauthenticated arbitrary file write vulnerability in Crawl4AI (<0.8.7) via the Docker API /screenshot and /pdf endpoints allows attackers to write files to any location accessible by the application user; upgrade to 0.8.7 or later or restrict access to the endpoints. No public PoC reported as of July 12, 2026.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.