Symlink Attack Affecting crawl4ai package, versions [,0.9.0)


Severity

high

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-PYTHON-CRAWL4AI-17661144
  • published: 28 Jun 2026
  • disclosed: 18 Jun 2026
  • credit: Unknown

Introduced: 18 Jun 2026

CVE: not available
CWE: CWE-22, CWE-59

How to fix?

Upgrade Crawl4AI to version 0.9.0 or higher.

Overview

Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

Affected versions of this package are vulnerable to Symlink Attack via the download process. An attacker can overwrite arbitrary files with attacker-controlled content by supplying crafted filenames containing absolute paths or directory traversal sequences, which are then written outside the intended downloads directory. This can lead to execution of malicious code by overwriting files such as shell rc files, ~/.ssh/authorized_keys, cron entries, or Python modules on the import path. This is only exploitable if the crawler is run with sufficient privileges or in an environment where sensitive paths are writable.
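The two failure modes above (a server-supplied name that escapes the downloads directory, and a planted symlink that redirects the write) can be contained by the kind of check shown here. This is an added example, not Crawl4AI's code or its 0.9.0 fix; the helper names are hypothetical and the scenario in `demo()` is constructed.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath

# Hypothetical helper names, not Crawl4AI's own code.
def unsafe_download_path(downloads_dir: str, suggested_name: str) -> str:
    """Weak pattern: trust the server-supplied filename. os.path.join drops
    the base for an absolute name, and '..' segments walk out of it."""
    return os.path.join(downloads_dir, suggested_name)

def safe_download_path(downloads_dir: str, suggested_name: str) -> Path:
    """Keep only the final path component, reject empty/dot names, then check
    the resolved target (symlinks followed) is still under downloads_dir."""
    base = Path(downloads_dir).resolve()
    name = PurePosixPath(suggested_name.replace("\\", "/")).name
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"rejected filename: {suggested_name!r}")
    target = base / name
    # A pre-existing symlink named `name` would redirect the write (CWE-59);
    # resolve() follows it, so an escaping link fails this containment test.
    if base not in target.resolve().parents:
        raise ValueError(f"download escapes directory: {suggested_name!r}")
    return target

def write_download(downloads_dir: str, suggested_name: str, data: bytes) -> Path:
    """Create the file with O_EXCL so an existing file or symlink (even one
    planted between the check and the write) is refused, never followed."""
    target = safe_download_path(downloads_dir, suggested_name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(target, flags, 0o600), "wb") as fh:
        fh.write(data)
    return target

def demo() -> dict:
    """Constructed scenario: a temp downloads dir with a planted symlink, and
    filenames shaped like the ones the advisory describes."""
    downloads = tempfile.mkdtemp(prefix="dl-")
    decoy = os.path.join(tempfile.mkdtemp(prefix="victim-"), "authorized_keys")
    os.symlink(decoy, os.path.join(downloads, "linked.txt"))
    results = {}
    for name in ("/tmp/abs.txt", "../../trav.txt", "linked.txt", "page.html"):
        try:
            results[name] = write_download(downloads, name, b"constructed").name
        except (ValueError, OSError) as exc:
            results[name] = type(exc).__name__
    results["unsafe_join_escapes"] = not unsafe_download_path(
        downloads, "/tmp/abs.txt").startswith(downloads)
    return results
```

Running `demo()` shows the absolute and traversal names collapsing to plain files inside the downloads directory, the planted symlink being rejected, and the naive join producing a path outside the directory.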

Workaround

This vulnerability can be mitigated by running the crawler as an unprivileged user with a dedicated, isolated downloads directory on a volume with no sensitive paths writable, or by enabling authentication (CRAWL4AI_API_TOKEN) on the Docker server.
