Vulnerability Brief

CVE-2026-53755

What this means for your business

A security vulnerability in the Chrome/Chromium product affects the way it handles connections to internal services and cloud-metadata endpoints. If an attacker can send a malicious request, they may be able to route the browser through an internal IP address, potentially accessing sensitive information or disrupting operations. This vulnerability is now fixed in version 0.8.9, but it's essential to update the product to ensure ongoing security.

Severity: HIGH
CVSS score: 8.6

Technical summary

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browser_config (and crawler_config). The following all feed Chromium's egress and were unchecked: browser_config.proxy_config.server, browser_config.proxy (deprecated field), crawler_config.proxy_config.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browser_config.extra_args. This vulnerability is fixed in 0.8.9.