Improper Control of Dynamically-Managed Code Resources Affecting crawl4ai package, versions [,0.8.7)


Severity: critical (CVSS assessment by Snyk's Security Team)

Threat Intelligence

EPSS
0.45% (36th percentile)

  • Snyk ID: SNYK-PYTHON-CRAWL4AI-17661139
  • Published: 28 Jun 2026
  • Disclosed: 16 Jun 2026
  • Credit: Unknown

Introduced: 16 Jun 2026

CVE-2026-53753
CWE-913
CWE-94

How to fix?

Upgrade Crawl4AI to version 0.8.7 or higher.

Overview

Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the _safe_eval_expression function. An attacker can execute arbitrary system commands, read or write files, and exfiltrate sensitive data by sending a crafted extraction schema in a POST /crawl request that leverages Python generator and frame object attributes to escape the AST sandbox and achieve code execution. This is only exploitable if JWT authentication is disabled (the default configuration).

Workaround

This vulnerability can be mitigated by enabling JWT authentication via the CRAWL4AI_API_TOKEN environment variable or restricting network access to the Docker API.
