Detect Crawl4AI AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Splunk

Detects exploitation of CVE-2026-53753, a critical pre-authentication remote code execution vulnerability in Crawl4AI (<=0.8.6) Docker API. The vulnerability allows attackers to escape Python AST-based sandboxing via generator frame introspection (gi_frame.f_back chain), enabling arbitrary code execution without authentication. CVSS 9.8 critical; public PoC available.

MITRE ATT&CK

Tactic

  • Initial Access
  • Execution
  • Privilege Escalation

SPL Detection Query

Splunk (SPL)

```spl
index=* (sourcetype=suricata OR sourcetype=zeek_http OR sourcetype=nginx_access OR sourcetype=docker_logs)
| eval uri=coalesce(uri, url, uri_path)
| eval is_crawl4ai_request=if(match(uri, "/(execute|run|crawl|extract)") OR dest_port IN ("11235", "8080", "8000"), 1, 0)
| where is_crawl4ai_request=1
| join type=left dest_ip [
    search index=* sourcetype=syslog ("gi_frame" OR "f_back" OR "__globals__" OR "__builtins__" OR "os.system" OR "__import__" OR "subprocess.Popen")
    | stats count AS indicator_count by host, _raw
    | rename host AS dest_ip, _raw AS escape_indicator
]
| where isnotnull(escape_indicator)
| eval alert="CVE-2026-53753: Crawl4AI AST sandbox escape attempt"
| table _time, src_ip, dest_ip, uri, status, indicator_count, escape_indicator, alert
```

Severity: critical
Confidence: high

Notes on the query: the subsearch returns its matching syslog line as escape_indicator (with the hit count as indicator_count) so the left join can be filtered on it; filtering on _raw would pass every request record, since each outer event carries its own _raw. The coalesce line normalizes the request-path field, which the Suricata, Zeek and Nginx add-ons name differently (assumed names: uri, url, uri_path). The join key assumes the syslog host value is the same string as dest_ip; where host is a hostname rather than an IP, normalize it (for example with a lookup) before joining.

Detects Crawl4AI API access correlated with sandbox escape payload patterns in Python process logs, indicating exploitation of CVE-2026-53753.
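The SPL above correlates request records with indicator log lines by host only. As an added example (not code from this page, from Splunk, or from the Crawl4AI project), the following Python re-implements that correlation over constructed access-log and syslog records so the logic can be exercised offline. It goes one step beyond the SPL by also requiring the indicator line to fall within a time window after the request, which suppresses the standalone debugger-introspection case listed under False Positives. Field names, timestamps, IPs and log text are constructed assumptions.

```python
"""Correlate Crawl4AI API requests with sandbox-escape indicators in host logs.

Added example, not part of the original detection page. Mirrors the SPL rule
(URI/port test, indicator keywords, join on host) and adds a time window.
"""
from datetime import datetime, timedelta
import re

# Indicator strings taken from the SPL subsearch.
ESCAPE_INDICATORS = ("gi_frame", "f_back", "__globals__", "__builtins__",
                     "os.system", "__import__", "subprocess.Popen")
CRAWL4AI_URI_RE = re.compile(r"/(execute|run|crawl|extract)")
CRAWL4AI_PORTS = {11235, 8080, 8000}
# Assumption: an escape payload executes shortly after the triggering request.
WINDOW = timedelta(seconds=60)

# Constructed HTTP access records; field names mirror the SPL rule.
HTTP_EVENTS = [
    {"_time": "2026-04-01T10:00:00", "src_ip": "203.0.113.5", "dest_ip": "10.0.0.12",
     "dest_port": 11235, "uri": "/execute", "status": 200},
    {"_time": "2026-04-01T10:05:00", "src_ip": "10.0.0.30", "dest_ip": "10.0.0.12",
     "dest_port": 11235, "uri": "/health", "status": 200},
    {"_time": "2026-04-01T11:00:00", "src_ip": "198.51.100.7", "dest_ip": "10.0.0.13",
     "dest_port": 11235, "uri": "/crawl", "status": 200},
]

# Constructed syslog lines in the form "<timestamp> <host> <message>".
SYSLOG_LINES = [
    "2026-04-01T10:00:02 10.0.0.12 python3[4242]: evaluating expression referencing gi_frame.f_back",
    "2026-04-01T10:00:03 10.0.0.12 python3[4242]: subprocess.Popen(['/bin/sh', '-c', 'id'])",
    "2026-04-01T11:00:01 10.0.0.13 python3[5151]: crawl finished, 3 pages extracted",
    # Frame introspection with no preceding API request (the debugging false-positive case).
    "2026-04-01T15:30:00 10.0.0.12 python3[6060]: debug tool inspecting gi_frame for coverage",
]


def parse_syslog(line):
    """Split a constructed syslog line into timestamp, host and message."""
    ts, host, msg = line.split(" ", 2)
    return {"_time": datetime.fromisoformat(ts), "host": host, "msg": msg}


def is_crawl4ai_request(ev):
    """Same predicate as the SPL is_crawl4ai_request eval."""
    return bool(CRAWL4AI_URI_RE.search(ev["uri"])) or ev["dest_port"] in CRAWL4AI_PORTS


def find_indicators(msg):
    """Return the indicator keywords present in a log message."""
    return [i for i in ESCAPE_INDICATORS if i in msg]


def correlate(http_events, syslog_lines, window=WINDOW):
    """Return one alert per Crawl4AI request that is followed, on the same host
    and within `window`, by at least one log line carrying an escape indicator."""
    syslog = [parse_syslog(line) for line in syslog_lines]
    alerts = []
    for ev in http_events:
        if not is_crawl4ai_request(ev):
            continue
        t0 = datetime.fromisoformat(ev["_time"])
        hits = [s for s in syslog
                if s["host"] == ev["dest_ip"]
                and t0 <= s["_time"] <= t0 + window
                and find_indicators(s["msg"])]
        if hits:
            alerts.append({
                "alert": "CVE-2026-53753: Crawl4AI AST sandbox escape attempt",
                "src_ip": ev["src_ip"], "dest_ip": ev["dest_ip"], "uri": ev["uri"],
                "indicators": sorted({i for h in hits for i in find_indicators(h["msg"])}),
                "evidence": [h["msg"] for h in hits],
            })
    return alerts


if __name__ == "__main__":
    for a in correlate(HTTP_EVENTS, SYSLOG_LINES):
        print(a["alert"], a["src_ip"], "->", a["dest_ip"], a["uri"], a["indicators"])
```

Run against the constructed data, only the /execute request on 10.0.0.12 produces an alert; the later gi_frame line at 15:30 is ignored because no request precedes it within the window.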

Data Sources

  • Suricata IDS
  • Zeek HTTP logs
  • Nginx access logs
  • Docker container logs
  • Syslog

Required Sourcetypes

  • suricata
  • zeek_http
  • nginx_access
  • docker_logs
  • syslog

False Positives & Tuning

  • Authorized red team exercises against Crawl4AI deployments
  • Legitimate Python introspection libraries that inspect generator frame objects
  • Development environments where debugging frame-level inspection is expected
  • Security scanning tools performing CVE verification checks

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see.

  1. Test 1: CVE-2026-53753 Basic Sandbox Escape via gi_frame

    Expected signal: HTTP POST to /execute endpoint followed by Python process executing os.system('id') and writing to /tmp/crawl4ai_pwned.txt; child process of uvicorn/gunicorn spawning /bin/sh

  2. Test 2: CVE-2026-53753 Remote Code Execution with Reverse Shell

    Expected signal: Outbound TCP connection from Crawl4AI container to attacker IP on port 4444; subprocess.Popen spawning bash with stdin redirected to network socket

  3. Test 3: CVE-2026-53753 Credential Exfiltration from Container Environment

    Expected signal: HTTP POST with gi_frame payload followed by Python reading os.environ; response containing environment variable key-value pairs potentially including API_KEY, DATABASE_URL, VAULT_TOKEN

  4. Test 4: CVE-2026-53753 Unauthenticated Version Fingerprinting

    Expected signal: Unauthenticated HTTP GET to /health or root endpoint returning Crawl4AI version information without requiring credentials
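The expected signals for Tests 1 and 2 (a shell spawned under uvicorn/gunicorn, and a shell holding an outbound socket) are endpoint-telemetry checks rather than SPL. As an added example, not part of the original page or of any Splunk or Crawl4AI content, the following Python evaluates those two signals over constructed process-start and connection events. It generalizes the page's "child process of uvicorn/gunicorn" to any shell with an app-server ancestor within five levels, since the real chain usually passes through a Python worker. Event field names (pid, ppid, image, container, dest_ip, dest_port), PIDs and addresses are constructed assumptions.

```python
"""Check endpoint telemetry for the Test 1 and Test 2 expected signals.

Added example, not part of the original detection page.
"""

APP_SERVERS = ("uvicorn", "gunicorn")
SHELLS = {"sh", "bash", "dash"}
MAX_DEPTH = 5  # assumption: how far up the tree to look for the app server

# Constructed process-start events: pid, parent pid, image basename, container.
PROCESSES = [
    dict(pid=1,   ppid=0,   image="uvicorn",  container="crawl4ai"),
    dict(pid=200, ppid=1,   image="python3",  container="crawl4ai"),   # API worker
    dict(pid=300, ppid=200, image="chromium", container="crawl4ai"),   # headless browser used for crawling
    dict(pid=401, ppid=200, image="sh",       container="crawl4ai"),   # shell under the worker
    dict(pid=402, ppid=401, image="bash",     container="crawl4ai"),
    dict(pid=700, ppid=0,   image="tmux",     container="ops-shell"),
    dict(pid=800, ppid=700, image="bash",     container="ops-shell"),  # operator shell, no app-server ancestor
    dict(pid=801, ppid=800, image="ssh",      container="ops-shell"),
]

# Constructed outbound-connection events keyed by the owning pid.
CONNECTIONS = [
    dict(pid=300, dest_ip="93.184.216.34", dest_port=443),   # browser fetching a page: normal for a crawler
    dict(pid=402, dest_ip="198.51.100.9",  dest_port=4444),  # shell process holding an outbound socket
    dict(pid=801, dest_ip="10.0.0.5",      dest_port=22),    # operator ssh session
]


def ancestry(pid, procs):
    """Walk parents from `pid` upward, at most MAX_DEPTH hops, guarding against cycles."""
    by_pid = {p["pid"]: p for p in procs}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen and len(chain) < MAX_DEPTH:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain


def has_app_server_ancestor(proc, procs):
    return any(a["image"] in APP_SERVERS for a in ancestry(proc["ppid"], procs))


def shells_under_app_server(procs):
    """Test 1 signal: shell processes with uvicorn/gunicorn somewhere in their ancestry."""
    return [p for p in procs if p["image"] in SHELLS and has_app_server_ancestor(p, procs)]


def shell_sockets(procs, conns):
    """Test 2 signal: outbound connections owned by one of those shells.
    Browser and worker connections are expected for a crawler and are not flagged."""
    suspect = {p["pid"] for p in shells_under_app_server(procs)}
    return [(c["pid"], c["dest_ip"], c["dest_port"]) for c in conns if c["pid"] in suspect]


def evaluate(procs, conns):
    """Return both findings keyed by signal name."""
    return {
        "shell_under_app_server": sorted(p["pid"] for p in shells_under_app_server(procs)),
        "shell_owned_socket": shell_sockets(procs, conns),
    }


if __name__ == "__main__":
    for signal, findings in evaluate(PROCESSES, CONNECTIONS).items():
        print(signal, findings)
```

On the constructed data, pids 401 and 402 trip the Test 1 signal and the socket held by pid 402 trips the Test 2 signal; the operator shell in the other container is not flagged because no app server sits above it.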
