Which SIEM platforms have a CVE-2026-56266 detection rule?

df00tech provides CVE-2026-56266 (Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution)) detection queries for 7 SIEM platforms: Microsoft Sentinel / Defender, Splunk, Elastic Security (EQL), IBM QRadar (AQL), Sumo Logic CSE, Google Chronicle / SecOps, CrowdStrike LogScale (CQL).

What severity and confidence is the CVE-2026-56266 detection?

The CVE-2026-56266 detection is rated critical severity with high confidence.

What are common false positives for CVE-2026-56266?

Common false positives for CVE-2026-56266 include: Legitimate web crawling services hitting internal Crawl4AI deployments with unusual URL patterns; Security scanners (Burp Suite, OWASP ZAP) running authorized assessments against Crawl4AI; Development/testing environments where developers test path-based features.

CVE-2026-56266

Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution)

Q: What data sources are required to detect Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution) (CVE-2026-56266)?

Detecting Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution) requires the following data sources: CommonSecurityLog, AzureDiagnostics, W3CIISLog.

Initial Access Execution Credential Access Discovery Lateral Movement Collection Last updated: June 23, 2026

Detects exploitation of CVE-2026-56266 affecting Crawl4AI <= 0.8.6 Docker API. The vulnerability bundle includes unauthenticated access (CWE-306), path traversal file write (CWE-22), server-side request forgery (CWE-918), stored/reflected XSS (CWE-79), JavaScript injection/execution (CWE-94), and hardcoded credentials (CWE-798). A public PoC is available. Successful exploitation allows full container compromise, internal network pivoting, and arbitrary file write to the host.

Vulnerability Intelligence

Public PoC

CVE

CVE-2026-56266↗ NVD

Affected Software

Vendor: pip
Product: crawl4ai
Versions: <= 0.8.6

Weakness (CWE)

CWE-22 CWE-79 CWE-94 CWE-306 CWE-798 CWE-918

Timeline

Disclosed: June 16, 2026

References & Proof of Concept

CVSS

9.8

Critical (9.0–10)

Read the write-up →

What is CVE-2026-56266 Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution)?

Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution) (CVE-2026-56266) maps to the Initial Access and Execution and Credential Access and Discovery and Lateral Movement and Collection tactics — the adversary is trying to get into your network in MITRE ATT&CK.

This page provides production-ready detection logic for Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution), covering the data sources and telemetry it touches: CommonSecurityLog, AzureDiagnostics, W3CIISLog. The queries below are rated critical severity at high confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactic: Initial Access Execution Credential Access Discovery Lateral Movement Collection

Microsoft Sentinel / Defender

kusto

let crawl4ai_ports = dynamic([11235, 8080, 8000]);
let ssrf_patterns = dynamic(['/crawl', '/screenshot', '/execute_js', '/extract']);
let traversal_patterns = dynamic(['../', '%2e%2e', '%252e%252e', '..%2f', '..%5c']);
union isfuzzy=true
(
    CommonSecurityLog
    | where TimeGenerated >= ago(24h)
    | where DeviceProduct has_any ('nginx', 'apache', 'haproxy') or ApplicationProtocol == 'HTTP'
    | where DestinationPort in (crawl4ai_ports)
    | where RequestURL has_any (ssrf_patterns)
    | extend ThreatIndicator = case(
        RequestURL has_any (traversal_patterns), 'PathTraversal',
        RequestURL contains 'file://', 'SSRF-FileScheme',
        RequestURL contains '169.254.169.254', 'SSRF-MetadataService',
        RequestURL contains '127.0.0.1', 'SSRF-Loopback',
        RequestURL contains '10.', 'SSRF-PrivateRange',
        RequestURL contains '192.168.', 'SSRF-PrivateRange',
        RequestURL contains 'execute_js', 'JSInjection',
        'SuspiciousRequest'
    )
    | project TimeGenerated, SourceIP, DestinationIP, DestinationPort, RequestURL, ThreatIndicator, RequestMethod
),
(
    AzureDiagnostics
    | where TimeGenerated >= ago(24h)
    | where ResourceType == 'APPLICATIONGATEWAYS'
    | where requestUri_s has_any (ssrf_patterns)
    | where requestUri_s has_any (traversal_patterns) or httpStatus_d in (200, 201) and requestUri_s has_any (ssrf_patterns)
    | extend ThreatIndicator = 'AppGW-Crawl4AI-Exploit'
    | project TimeGenerated, clientIP_s, requestUri_s, httpStatus_d, ThreatIndicator
)
| summarize EventCount = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated), UniqueURLs = dcount(RequestURL) by SourceIP, ThreatIndicator
| where EventCount >= 2
| extend RiskScore = case(ThreatIndicator in ('SSRF-MetadataService', 'SSRF-FileScheme', 'PathTraversal'), 95, ThreatIndicator == 'JSInjection', 85, 70)
| sort by RiskScore desc

Detects HTTP requests to Crawl4AI Docker API endpoints exhibiting path traversal, SSRF, or JS injection patterns on common Crawl4AI ports. Correlates multiple indicators to reduce noise.

critical severity high confidence

Data Sources

CommonSecurityLog AzureDiagnostics W3CIISLog

Required Tables

CommonSecurityLog AzureDiagnostics

False Positives

Legitimate web crawling services hitting internal Crawl4AI deployments with unusual URL patterns
Security scanners (Burp Suite, OWASP ZAP) running authorized assessments against Crawl4AI
Development/testing environments where developers test path-based features
Automated integration tests that exercise all Crawl4AI API endpoints including JS execution

Splunk

spl

index=web OR index=proxy OR index=network sourcetype IN ("access_combined", "nginx:access", "apache:access", "haproxy", "pan:traffic", "cisco:asa")
| where match(uri_path, "(?i)/(?:crawl|screenshot|execute_js|extract|batch|health)")
| eval port_num=coalesce(dest_port, 8080)
| where port_num IN (11235, 8080, 8000, 8001)
| eval threat_type=case(
    match(uri_path, "(?i)(\.\./|%2e%2e|%252e%252e|\.\.%2f)"), "PathTraversal-FileWrite",
    match(uri_query, "(?i)(file://|gopher://|dict://)"), "SSRF-AltScheme",
    match(uri_query, "169\.254\.169\.254"), "SSRF-CloudMetadata",
    match(uri_query, "(?i)(127\.0\.0\.1|localhost|::1)"), "SSRF-Loopback",
    match(uri_query, "(?i)(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01]))"), "SSRF-PrivateRange",
    match(uri_path, "(?i)execute_js"), "JSCodeExecution",
    match(uri_query, "(?i)(<script|javascript:|onerror=|onload=)"), "XSS-Injection",
    true(), "SuspiciousAPICall"
  )
| where isnotnull(threat_type)
| eval auth_header=if(isnull(http_user_agent) OR len(http_authorization)<5, "NoAuth", "HasAuth")
| stats count AS request_count, values(uri_path) AS paths_accessed, values(threat_type) AS threat_types, min(_time) AS first_seen, max(_time) AS last_seen, dc(uri_path) AS unique_paths BY src_ip, dest_ip, auth_header
| where request_count >= 2 OR (request_count >= 1 AND mvcount(threat_types) > 1)
| eval risk_score=case(
    mvfind(threat_types, "SSRF-CloudMetadata") >= 0 OR mvfind(threat_types, "PathTraversal-FileWrite") >= 0, 95,
    mvfind(threat_types, "JSCodeExecution") >= 0, 85,
    true(), 70
  )
| sort - risk_score
| table first_seen, last_seen, src_ip, dest_ip, request_count, unique_paths, threat_types, auth_header, risk_score

Detects exploitation attempts against Crawl4AI Docker API by identifying path traversal, SSRF, JS execution, and XSS injection patterns in HTTP access logs across common Crawl4AI deployment ports.

critical severity high confidence

Data Sources

Web proxy logs Nginx/Apache access logs HAProxy logs Palo Alto traffic logs

Required Sourcetypes

access_combined nginx:access apache:access haproxy pan:traffic

False Positives

Legitimate crawl jobs targeting internal URLs that happen to be on private IP ranges
Authorized penetration testing against Crawl4AI deployments
JavaScript-heavy crawl tasks submitted by authenticated users in multi-tenant deployments
Misconfigured reverse proxies routing unrelated traffic through Crawl4AI ports

IBM QRadar (AQL)

sql

SELECT
  sourceip,
  destinationip,
  destinationport,
  URL,
  "Request Method" AS http_method,
  "Response Code" AS http_status,
  COUNT(*) AS event_count,
  MIN(starttime) AS first_seen,
  MAX(starttime) AS last_seen,
  CASE
    WHEN URL ILIKE '%../%' OR URL ILIKE '%..\\%' OR URL ILIKE '%2e2e%' OR URL ILIKE '%252e%' THEN 'PathTraversal'
    WHEN URL ILIKE '%169.254.169.254%' THEN 'SSRF-CloudMetadata'
    WHEN URL ILIKE '%file://%' OR URL ILIKE '%gopher://%' THEN 'SSRF-AltScheme'
    WHEN URL ILIKE '%127.0.0.1%' OR URL ILIKE '%localhost%' THEN 'SSRF-Loopback'
    WHEN URL ILIKE '%execute_js%' THEN 'JSCodeExecution'
    WHEN URL ILIKE '%<script%' OR URL ILIKE '%javascript:%' OR URL ILIKE '%onerror=%' THEN 'XSS'
    WHEN URL ILIKE '%192.168.%' OR URL ILIKE '%10.%' THEN 'SSRF-PrivateRange'
    ELSE 'SuspiciousAPICall'
  END AS threat_type
FROM events
WHERE
  LOGSOURCETYPENAME(devicetype) IN ('Apache HTTP Server', 'Nginx', 'IBM Security Network IPS', 'Juniper Networks')
  AND destinationport IN (11235, 8080, 8000, 8001)
  AND (
    URL ILIKE '%/crawl%'
    OR URL ILIKE '%/execute_js%'
    OR URL ILIKE '%/screenshot%'
    OR URL ILIKE '%/extract%'
    OR URL ILIKE '%169.254.169.254%'
    OR URL ILIKE '%../%'
    OR URL ILIKE '%file://%'
  )
  AND DATEFORMAT(starttime, 'yyyy-MM-dd') >= DATEADD('day', -1, CURRENT_DATE)
GROUP BY sourceip, destinationip, destinationport, URL, http_method, http_status, threat_type
HAVING COUNT(*) >= 1
ORDER BY last_seen DESC

QRadar AQL query identifying Crawl4AI API exploitation indicators across web server log sources, categorizing request patterns by threat type and filtering to known Crawl4AI deployment ports.

critical severity medium confidence

Data Sources

Apache HTTP Server logs Nginx access logs Network IPS events QRadar flow data

Required Tables

events

False Positives

Authorized penetration test traffic against Crawl4AI instances from known security team IP ranges
Legitimate JavaScript-heavy crawl workloads accessing the execute_js endpoint
Internal microservices making loopback requests through Crawl4AI API for legitimate scraping tasks
Misconfigured web application firewalls logging benign traffic as suspicious URL patterns

Google Chronicle / SecOps

yaral

rule crawl4ai_exploit_attempt {
  meta:
    author = "df00tech Detection Engineering"
    description = "Detects exploitation of CVE-2026-56266 Crawl4AI multiple vulnerabilities"
    severity = "CRITICAL"
    priority = "HIGH"
    reference = "https://github.com/advisories/GHSA-365w-hqf6-vxfg"
    version = "1.0"

  events:
    $e.metadata.event_type = "NETWORK_HTTP"
    $e.target.port in (11235, 8080, 8000, 8001)
    (
      re.regex($e.network.http.request_url, `(?i)/(?:crawl|execute_js|screenshot|extract|batch)`) or
      re.regex($e.network.http.request_url, `(?i)(\.\./|%2e%2e|%252e%252e|file://|gopher://|169\.254\.169\.254)`) or
      re.regex($e.network.http.request_url, `(?i)(<script|javascript:|onerror=|onload=)`)
    )
    $ip = $e.principal.ip

  match:
    $ip over 5m

  outcome:
    $risk_score = max(
      if(re.regex($e.network.http.request_url, `169\.254\.169\.254|file://`), 95,
      if(re.regex($e.network.http.request_url, `execute_js|%2e%2e|\.\./`), 85, 70))
    )
    $threat_type = array_distinct(
      if(re.regex($e.network.http.request_url, `(?i)(\.\./|%2e%2e)`), "PathTraversal",
      if(re.regex($e.network.http.request_url, `169\.254\.169\.254`), "SSRF-CloudMetadata",
      if(re.regex($e.network.http.request_url, `execute_js`), "JSExecution", "Other")))
    )

  condition:
    $e
}

Chronicle YARA-L rule detecting HTTP requests matching Crawl4AI exploit patterns within a 5-minute match window, with risk scoring based on threat severity of the observed indicator.

critical severity high confidence

Data Sources

Chronicle HTTP logs GCP Load Balancer logs Cloud Armor WAF logs

Required Tables

network_http

False Positives

Automated crawl jobs submitting legitimate JavaScript-heavy pages to execute_js endpoint
Internal penetration tests from GCP Cloud Shell or authorized GCP project IPs
Cloud-native CI pipelines testing Crawl4AI containers in GKE with unusual URL parameters
Security research or bug bounty activities against development Crawl4AI instances

Sigma rule & cross-platform mapping

The detection logic for Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution) (CVE-2026-56266) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native KQL (Microsoft Sentinel / Defender), SPL (Splunk), Elastic (Elastic Security (EQL)), QRadar (IBM QRadar (AQL)), Sumo (Sumo Logic CSE), YARA-L (Google Chronicle / SecOps), LogScale (CrowdStrike LogScale (CQL)) queries. In Sigma terms, this detection targets the following logsource:

logsource:
  product: azure

Browse the community-maintained Sigma rules for this technique:

SigmaHQ rules for CVE-2026-56266 Sigma rules on detection.fyi

Platform-specific guides for CVE-2026-56266

Detect in Microsoft Sentinel (KQL) Detect in Splunk (SPL) Detect in Elastic Security (Elastic) Detect in IBM QRadar (QRadar) Detect in Sumo Logic CSE (Sumo) Detect in Google Chronicle (YARA-L) Detect in CrowdStrike LogScale (LogScale)

Last updated: 2026-06-23 Research depth: standard

References (2)

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

Test 1Crawl4AI Unauthenticated API Access Test
Expected signal: HTTP POST to port 11235 /crawl endpoint with 200 response and no Authorization header in request logs
Test 2Crawl4AI SSRF via Cloud Metadata Endpoint
Expected signal: Outbound HTTP connection from Crawl4AI container to 169.254.169.254:80; logged in container network flow data and potentially in WAF/proxy logs
Test 3Crawl4AI Path Traversal File Read via Screenshot Endpoint
Expected signal: HTTP POST to /screenshot or /crawl with file:// URL scheme in request body; response may contain file contents if vulnerable
Test 4Crawl4AI JavaScript Code Injection via execute_js Endpoint
Expected signal: HTTP POST to /execute_js with js_code parameter containing JavaScript; Crawl4AI process spawning Playwright browser subprocess

Response Playbook

1. Examine the full command line and decode any Base64 content...
2. Identify the parent process chain and user context...
3. Check for concurrent network connections from the process...

Investigation Guide

Related techniques: T1027, T1105, T1562.001...
Forensic artifacts: PSReadLine history, Prefetch, ScriptBlock logs...

Atomic Red Team Tests

Test 1: Encoded command execution...
Test 2: Download cradle via Net.WebClient...

Unlock Pro Content

Get the full detection package for CVE-2026-56266 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance

Vulnerability Intelligence

CVE

Affected Software

Weakness (CWE)

Timeline

References & Proof of Concept

CVSS

What is CVE-2026-56266 Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution)?

MITRE ATT&CK

Data Sources

Required Tables

False Positives

Data Sources

Required Sourcetypes

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Data Sources

Required Tables

False Positives

Sigma rule & cross-platform mapping

Platform-specific guides for CVE-2026-56266

Testing Methodology

Unlock Pro Content

Related Detections

Tactic Hubs

Related Techniques

Same Tactic: Initial Access

Popular Detections

Get new detections in your inbox