CVE-2026-53753 | Crawl4AI is an open-source LLM friendly web crawler & scrape… | CVSS 9.8 CRITICAL

Description

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtins) do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution. The attack requires no authentication (JWT disabled by default) and is triggered via POST /crawl with a crafted extraction schema. This vulnerability is fixed in 0.8.7.

Metadata

CVE ID: CVE-2026-53753
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-10 17:48 UTC
Published: 2026-06-23 18:17 UTC
Last updated: 2026-06-23 18:55 UTC
Primary CWE: CWE-94
CWE-94: Improper Control of Generation of Code ('Code Inject…
Vendor / Product: unclecode / crawl4ai
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
unclecode	crawl4ai	—	< 0.8.7

Weakness (CWE)

CWE	Source	Description
CWE-913	cna	CWE-913: Improper Control of Dynamically-Managed Code Resources
CWE-94	cna	CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://github.com/unclecode/crawl4ai/security/advisories/GHSA-qxjp-w3pj-48m7 https://github.com/unclecode/crawl4ai/security/advisories/GHSA-qxjp-w3pj-48m7