Product
Crawl4AI versions before 0.8.7 contain a server-side request forgery (SSRF) vulnerability, CVE-2026-56261, in its Docker API server's webhook endpoints, allowing an attacker to coerce the server into making requests to internal services and potentially expose cloud metadata.