CVE-2026-56263

MEDIUM NVD

CVSS Score 6.1

Severity MEDIUM

Published Jun 23, 2026

Vendor unknown

Description

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing the dashboard.

References

https://github.com/unclecode/crawl4ai
https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg
https://www.vulncheck.com/advisories/crawl4ai-stored-cross-site-scripting-in-monitor-dashboard