CVE-2026-53755: Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default.
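The class of fix this implies, as an added example that is not Crawl4AI's own code: one destination check applied to both the crawl URL and the proxy address, failing closed. The request shape, the `url` and `proxy` field names, and every function name here are hypothetical; the sample requests are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

URL_SCHEMES = {"http", "https"}
PROXY_SCHEMES = {"http", "https", "socks5"}

def resolve(host):
    """Return all addresses for host; IP literals are parsed without DNS."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(info[4][0])
                for info in socket.getaddrinfo(host, None)]

def destination_allowed(value, schemes, resolver=resolve):
    """True only if every address behind value is publicly routable."""
    try:
        # Proxy strings are often given as host:port with no scheme.
        parts = urlsplit(value if "://" in value else "http://" + value)
        if parts.scheme not in schemes or not parts.hostname:
            return False
        addrs = resolver(parts.hostname)
    except (OSError, ValueError):
        return False  # fail closed on parse or resolution errors
    return bool(addrs) and all(a.is_global for a in addrs)

def rejected_fields(request, resolver=resolve):
    """Apply the same destination check to the crawl URL and the proxy."""
    bad = []
    if not destination_allowed(request.get("url", ""), URL_SCHEMES, resolver):
        bad.append("url")
    proxy = request.get("proxy")  # hypothetical field name
    if proxy and not destination_allowed(proxy, PROXY_SCHEMES, resolver):
        bad.append("proxy")
    return bad

# Constructed requests: the first three share a valid public crawl URL.
SAMPLES = [
    {"url": "https://93.184.216.34/"},
    {"url": "https://93.184.216.34/", "proxy": "http://169.254.169.254:80"},
    {"url": "https://93.184.216.34/", "proxy": "10.0.0.5:3128"},
    {"url": "http://127.0.0.1:8080/", "proxy": "socks5://93.184.216.34:1080"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, "->", rejected_fields(req) or "accepted")
```

This check resolves names at validation time, while the browser or proxy client resolves again when it connects. Pair it with egress filtering on the container network so a changed DNS answer cannot reach internal ranges.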