What is CVE-2026-56258?

CVE-2026-56258 is a high-severity vulnerability in Crawl4ai, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-06-23.

How severe is CVE-2026-56258?

High severity. CVSS v3 base score is 8.1 out of 10.

Path Traversal in Crawl4ai

CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use (TOCTOU)…

Vulnerability class: Path Traversal (Directory Traversal)

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Crawl4ai — versions 0, 0.8.8

Weakness classification (CWE)

CWE-22 — Path Traversal

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-56258?: CVE-2026-56258 is a high-severity vulnerability in Crawl4ai, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-06-23.
How severe is CVE-2026-56258?: High severity. CVSS v3 base score is 8.1 out of 10.