Crawl4AI Arbitrary File Write via Docker API Server Endpoints (CVE-2026-56260)
Crawl4AI versions prior to 0.8.7 are vulnerable to CVE-2026-56260, an arbitrary file write vulnerability in its Docker API server's /screenshot and /pdf endpoints, allowing unauthenticated attackers to supply path traversal or absolute file paths via the output_path parameter to overwrite server files, leading to denial of service or impaired defenses.
CVE-2026-56260 describes a critical arbitrary file write vulnerability affecting Crawl4AI software versions before 0.8.7. The flaw resides within the Docker API server's /screenshot and /pdf endpoints, specifically concerning the output_path parameter. This parameter, which is intended to specify the output location for generated files, lacks proper validation. Consequently, an attacker can manipulate this parameter by supplying absolute filesystem paths or path-traversal sequences (e.g., ../../). This exploitation allows them to write files to arbitrary locations on the server, provided the application's user has write permissions to those directories. Such a capability can lead to critical consequences, including overwriting essential server configuration files, deleting application binaries, or writing malicious content, which can result in denial of service or the compromise of system integrity. The vulnerability has a CVSS v3.1 base score of 9.1, indicating its severe impact.
Attack Chain
- An unauthenticated attacker identifies a public-facing Crawl4AI Docker API server instance vulnerable to CVE-2026-56260.
- The attacker crafts a malicious HTTP POST request targeting either the
/screenshotor/pdfendpoint of the Crawl4AI Docker API server. - Within this POST request, the attacker includes the
output_pathparameter, which is typically used to define where the generated output file should be saved. - The attacker manipulates the
output_pathparameter by injecting an absolute file path (e.g.,/etc/passwd,C:\Windows\system.ini) or a path traversal sequence (e.g.,../../../web/index.html). - Due to the lack of validation, the Crawl4AI application attempts to write the generated file (screenshot or PDF content) to the attacker-specified arbitrary location on the server's filesystem.
- If successful, the attacker overwrites an existing critical server file or writes new content to a sensitive location, which can lead to application malfunction, denial of service, or the potential for further compromise by altering configuration or application behavior.
Impact
Successful exploitation of CVE-2026-56260 can lead to severe consequences for affected organizations utilizing Crawl4AI. By overwriting critical server files, attackers can disrupt the normal operation of the application and the underlying system, resulting in a denial of service. This could mean significant downtime, loss of productivity, and potential data corruption. Furthermore, overwriting certain system or application files could be leveraged to impair system defenses, making the server more susceptible to subsequent attacks. While the NVD advisory does not specify the number of victims or targeted sectors, any organization running vulnerable Crawl4AI versions faces a critical risk of operational disruption and data integrity loss.
Recommendation
- Upgrade Crawl4AI to version 0.8.7 or newer immediately to mitigate CVE-2026-56260.
- Deploy the Sigma rule provided in this brief to your SIEM solution to detect exploitation attempts of CVE-2026-56260.
- Ensure web server logs (category
webserver) are configured to capture full HTTP request details, including method, URI stem, and query parameters, to enable detection of CVE-2026-56260 exploitation.
Detection coverage 1
Detects CVE-2026-56260 Exploitation - Crawl4AI Arbitrary File Write Attempt
highDetects exploitation attempts against CVE-2026-56260 where an attacker tries to write to arbitrary files using path traversal or absolute paths via the 'output_path' parameter in Crawl4AI's /screenshot or /pdf Docker API endpoints.
Detection queries are available on the platform. Get full rules →