CVE Catalog

CVE-2026-56262

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

33th percentile — higher than 33% of all known CVEs

Summary

Crawl4AI before version 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption.

Risk Assessment

The risk is that an unauthenticated remote attacker can disrupt the service, potentially causing downtime and loss of monitoring data.

Recommendation

Immediately update Crawl4AI to version 0.8.7 or later, which fixes this vulnerability. If updating is not possible, restrict access to the monitor endpoints using a firewall or application-level authentication.

Original NVD description (English source)

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS