Critical Arbitrary File Write Vulnerability in Crawl4AI (CVE-2026-56260)

Critical Arbitrary File Write Vulnerability in Crawl4AI (CVE-2026-56260)

First seen 13 Jul 2026, 00:12 UTC Feedlyexploit-intel.comwww.incibe.eswww.thehackerwire.comnitter.net 92% similarity 72.8

Article Content

Browse articles
ThreatCluster

CVE-2026-56260 is a critical arbitrary file write vulnerability affecting Crawl4AI versions prior to 0.8.7. This flaw exists in the Docker API server's /screenshot and /pdf endpoints, allowing unauthenticated attackers to write arbitrary files to any filesystem location accessible by the application's user. The vulnerability has a CVSS score of 9.1, indicating a high severity level. Currently, there are no known public proof-of-concept exploits, but the potential for denial of service and server file overwriting poses a significant risk. Users are advised to upgrade to version 0.8.7 or later to mitigate this issue. If immediate patching is not feasible, restricting access to the affected endpoints is recommended. The vulnerability was first published on July 12, 2026.

Key Points: • CVE-2026-56260 allows arbitrary file writes via Docker API endpoints in Crawl4AI. • The vulnerability has a CVSS score of 9.1, indicating critical severity. • Immediate patching to version 0.8.7 or later is strongly recommended.

ThreatCluster AI

Timeline

2026-07-12
CVE-2026-56260 published
CVE-2026-56260 was published, detailing a critical arbitrary file write vulnerability in Crawl4AI.
Feedly
2026-07-13
Vulnerability details confirmed
INCIBE-CERT confirmed the critical nature of CVE-2026-56260 with a CVSS score of 9.1.
www.incibe.es
2026-07-13
Exploit intelligence reported
Exploit-intel.com reported on the arbitrary file write vulnerability in Crawl4AI, emphasizing its critical impact.
exploit-intel.com

Community

Browse all →