CVE-2026-56266 Microsoft Sentinel · KQL

Detect Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution) in Microsoft Sentinel

Detects exploitation of CVE-2026-56266 affecting Crawl4AI <= 0.8.6 Docker API. The vulnerability bundle includes unauthenticated access (CWE-306), path traversal file write (CWE-22), server-side request forgery (CWE-918), stored/reflected XSS (CWE-79), JavaScript injection/execution (CWE-94), and hardcoded credentials (CWE-798). A public PoC is available. Successful exploitation allows full container compromise, internal network pivoting, and arbitrary file write to the host.

MITRE ATT&CK

Tactic
Initial Access Execution Credential Access Discovery Lateral Movement Collection

KQL Detection Query

Microsoft Sentinel (KQL)
kusto 
let crawl4ai_ports = dynamic([11235, 8080, 8000]);
let ssrf_patterns = dynamic(['/crawl', '/screenshot', '/execute_js', '/extract']);
let traversal_patterns = dynamic(['../', '%2e%2e', '%252e%252e', '..%2f', '..%5c']);
union isfuzzy=true
(
    CommonSecurityLog
    | where TimeGenerated >= ago(24h)
    | where DeviceProduct has_any ('nginx', 'apache', 'haproxy') or ApplicationProtocol == 'HTTP'
    | where DestinationPort in (crawl4ai_ports)
    | where RequestURL has_any (ssrf_patterns)
    | extend ThreatIndicator = case(
        RequestURL has_any (traversal_patterns), 'PathTraversal',
        RequestURL contains 'file://', 'SSRF-FileScheme',
        RequestURL contains '169.254.169.254', 'SSRF-MetadataService',
        RequestURL contains '127.0.0.1', 'SSRF-Loopback',
        RequestURL contains '10.', 'SSRF-PrivateRange',
        RequestURL contains '192.168.', 'SSRF-PrivateRange',
        RequestURL contains 'execute_js', 'JSInjection',
        'SuspiciousRequest'
    )
    | project TimeGenerated, SourceIP, DestinationIP, DestinationPort, RequestURL, ThreatIndicator, RequestMethod
),
(
    AzureDiagnostics
    | where TimeGenerated >= ago(24h)
    | where ResourceType == 'APPLICATIONGATEWAYS'
    | where requestUri_s has_any (ssrf_patterns)
    | where requestUri_s has_any (traversal_patterns) or httpStatus_d in (200, 201) and requestUri_s has_any (ssrf_patterns)
    | extend ThreatIndicator = 'AppGW-Crawl4AI-Exploit'
    | project TimeGenerated, clientIP_s, requestUri_s, httpStatus_d, ThreatIndicator
)
| summarize EventCount = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated), UniqueURLs = dcount(RequestURL) by SourceIP, ThreatIndicator
| where EventCount >= 2
| extend RiskScore = case(ThreatIndicator in ('SSRF-MetadataService', 'SSRF-FileScheme', 'PathTraversal'), 95, ThreatIndicator == 'JSInjection', 85, 70)
| sort by RiskScore desc
critical severity high confidence

Detects HTTP requests to Crawl4AI Docker API endpoints exhibiting path traversal, SSRF, or JS injection patterns on common Crawl4AI ports. Correlates multiple indicators to reduce noise.

Data Sources

CommonSecurityLogAzureDiagnosticsW3CIISLog

Required Tables

CommonSecurityLogAzureDiagnostics

False Positives & Tuning

  • Legitimate web crawling services hitting internal Crawl4AI deployments with unusual URL patterns
  • Security scanners (Burp Suite, OWASP ZAP) running authorized assessments against Crawl4AI
  • Development/testing environments where developers test path-based features
  • Automated integration tests that exercise all Crawl4AI API endpoints including JS execution

Other platforms for CVE-2026-56266

Splunk (SPL) Elastic Security (Elastic) IBM QRadar (QRadar) Sumo Logic CSE (Sumo) Google Chronicle (YARA-L) CrowdStrike LogScale (LogScale) All platforms (combined) →

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Crawl4AI Unauthenticated API Access Test

    Expected signal: HTTP POST to port 11235 /crawl endpoint with 200 response and no Authorization header in request logs

  2. Test 2Crawl4AI SSRF via Cloud Metadata Endpoint

    Expected signal: Outbound HTTP connection from Crawl4AI container to 169.254.169.254:80; logged in container network flow data and potentially in WAF/proxy logs

  3. Test 3Crawl4AI Path Traversal File Read via Screenshot Endpoint

    Expected signal: HTTP POST to /screenshot or /crawl with file:// URL scheme in request body; response may contain file contents if vulnerable

  4. Test 4Crawl4AI JavaScript Code Injection via execute_js Endpoint

    Expected signal: HTTP POST to /execute_js with js_code parameter containing JavaScript; Crawl4AI process spawning Playwright browser subprocess

Last updated: 2026-06-23 Research depth: standard
References (2)

Unlock Pro Content

Get the full detection package for CVE-2026-56266 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0001Initial AccessTA0002ExecutionTA0006Credential AccessTA0007DiscoveryTA0008Lateral MovementTA0009Collection

Related Techniques

T1190Exploit Public-Facing ApplicationT1552.001Credentials In FilesT1018Remote System DiscoveryT1083File and Directory DiscoveryT1059.007JavaScript

Same Tactic: Initial Access

Popular Detections