Critical Arbitrary File Write Vulnerability in Crawl4AI (CVE-2026-56260)
ID: 165c1366-234f-530e-93db-cd8c4a74a9bc
STIX ID: report--165c1366-234f-530e-93db-cd8c4a74a9bc
Feed Name: ThreatCluster
Threat Score
**CVE-2026-56260 — Crawl4AI arbitrary file write (critical, CVSS 9.1):** An unauthenticated arbitrary file write vulnerability in Crawl4AI (<0.8.7) via the Docker API /screenshot and /pdf endpoints allows attackers to write files to any location accessible by the application user; upgrade to 0.8.7 or later or restrict access to the endpoints. No public PoC reported as of July 12, 2026.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
