CVE-2026-57571 PUBLISHED

Crawl4AI arbitrary file write via download filename path traversal

Assigner: GitHub_M
Reserved: 24.06.2026 Published: 06.07.2026 Updated: 07.07.2026

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or traversal escaped the downloads directory, giving an arbitrary file write with attacker-controlled contents; the HTTP crawler path uses the response Content-Disposition filename and the browser crawler path uses the download's suggested filename. Because the written bytes are attacker-controlled, this can escalate to remote code execution. This issue is fixed in version 0.9.0.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS Score: 9.6

Product Status

Vendor unclecode
Product crawl4ai
Versions
  • Version < 0.9.0 is affected

References

Problem Types

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE