CVE-2026-57571 in Crawl4AIinfo

Summary

by MITRE • 07/06/2026

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or traversal escaped the downloads directory, giving an arbitrary file write with attacker-controlled contents; the HTTP crawler path uses the response Content-Disposition filename and the browser crawler path uses the download's suggested filename. Because the written bytes are attacker-controlled, this can escalate to remote code execution. This issue is fixed in version 0.9.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability in Crawl4AI represents a critical arbitrary file write flaw that stems from insufficient input validation and path confinement mechanisms within the web crawling framework. Prior to version 0.9.0, the crawler's file saving functionality failed to properly sanitize filenames derived from HTTP response headers, specifically the Content-Disposition header used by HTTP crawlers and the download suggestion mechanism employed by browser crawlers. This design flaw creates a path traversal vulnerability where attacker-controlled input directly influences the destination filepath without adequate sanitization or directory confinement checks.

The technical exploitation of this vulnerability occurs through manipulation of HTTP response headers or download suggestions that contain malicious filenames containing absolute paths or directory traversal sequences such as ../ or ..\\. When these unvalidated filenames are concatenated with the designated downloads directory path, the resulting filepath can escape the intended download location. This allows attackers to write files anywhere within the filesystem where the crawler process has write permissions, effectively bypassing normal file system access controls and sandboxing mechanisms.

This vulnerability maps directly to CWE-22 Path Traversal and CWE-73 Path Traversal in the Common Weakness Enumeration catalog, representing a classic case of insufficient input sanitization combined with inadequate path confinement. The operational impact extends far beyond simple unauthorized file creation, as the attacker-controlled file contents can include malicious code or payloads that when executed by the crawler process or subsequently by other system components can lead to complete system compromise. The vulnerability represents a severe privilege escalation vector where an attacker can achieve remote code execution through carefully crafted HTTP responses that manipulate the crawler's file saving behavior.

The remediation in version 0.9.0 addresses this through proper input validation and path confinement mechanisms that strip or sanitize potentially malicious path components from filenames before concatenating them with the download directory path. This implementation follows security best practices outlined in the OWASP Top Ten and aligns with ATT&CK technique T1059 Command and Scripting Interpreter for executing code on compromised systems. The fix ensures that all generated file paths remain confined within the designated download directory regardless of input source, preventing attackers from escaping the intended sandboxed environment through manipulation of HTTP headers or download suggestions.

Security practitioners should implement additional monitoring for unusual file creation patterns in crawler download directories and consider network-level controls to prevent access to known malicious domains that might be used to deliver payloads through this vulnerability. The incident highlights the importance of proper input validation in web applications and the need for robust path confinement mechanisms, particularly when dealing with user-controllable data from external sources. Organizations using Crawl4AI should immediately upgrade to version 0.9.0 or later and review their crawler configurations for any custom implementations that might introduce similar vulnerabilities through improper handling of file paths or HTTP response headers.

Responsible

GitHub M

Reservation

06/24/2026

Disclosure

07/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!