Detect Crawl4AI Docker API Multiple Critical Vulnerabilities (File Write, SSRF, Auth Bypass, XSS, JS Execution) in Splunk
Detects exploitation of CVE-2026-56266 affecting Crawl4AI <= 0.8.6 Docker API. The vulnerability bundle includes unauthenticated access (CWE-306), path traversal file write (CWE-22), server-side request forgery (CWE-918), stored/reflected XSS (CWE-79), JavaScript injection/execution (CWE-94), and hardcoded credentials (CWE-798). A public PoC is available. Successful exploitation allows full container compromise, internal network pivoting, and arbitrary file write to the host.
MITRE ATT&CK
SPL Detection Query
index=web OR index=proxy OR index=network sourcetype IN ("access_combined", "nginx:access", "apache:access", "haproxy", "pan:traffic", "cisco:asa")
| where match(uri_path, "(?i)/(?:crawl|screenshot|execute_js|extract|batch|health)")
| eval port_num=coalesce(dest_port, 8080)
| where port_num IN (11235, 8080, 8000, 8001)
| eval threat_type=case(
match(uri_path, "(?i)(\.\./|%2e%2e|%252e%252e|\.\.%2f)"), "PathTraversal-FileWrite",
match(uri_query, "(?i)(file://|gopher://|dict://)"), "SSRF-AltScheme",
match(uri_query, "169\.254\.169\.254"), "SSRF-CloudMetadata",
match(uri_query, "(?i)(127\.0\.0\.1|localhost|::1)"), "SSRF-Loopback",
match(uri_query, "\b(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)"), "SSRF-PrivateRange",
match(uri_path, "(?i)execute_js"), "JSCodeExecution",
match(uri_query, "(?i)(<script|javascript:|onerror=|onload=)"), "XSS-Injection",
true(), "SuspiciousAPICall"
)
| where isnotnull(threat_type)
| eval auth_header=if(isnull(http_authorization) OR len(http_authorization)<5, "NoAuth", "HasAuth")
| stats count AS request_count, values(uri_path) AS paths_accessed, values(threat_type) AS threat_types, min(_time) AS first_seen, max(_time) AS last_seen, dc(uri_path) AS unique_paths BY src_ip, dest_ip, auth_header
| where request_count >= 2 OR (request_count >= 1 AND mvcount(threat_types) > 1)
| eval risk_score=case(
mvfind(threat_types, "SSRF-CloudMetadata") >= 0 OR mvfind(threat_types, "PathTraversal-FileWrite") >= 0, 95,
mvfind(threat_types, "JSCodeExecution") >= 0, 85,
true(), 70
)
| sort - risk_score
| table first_seen, last_seen, src_ip, dest_ip, request_count, unique_paths, threat_types, auth_header, risk_score
Detects exploitation attempts against the Crawl4AI Docker API by identifying path traversal, SSRF, JS execution, and XSS injection patterns in HTTP access logs across common Crawl4AI deployment ports. The auth_header field is derived from http_authorization (an Authorization header shorter than five characters or absent counts as "NoAuth"), and the private-range SSRF pattern is anchored on a word boundary so that public addresses such as 110.x or 210.x do not match.
Data Sources
Required Sourcetypes
False Positives & Tuning
- Legitimate crawl jobs targeting internal URLs that happen to be on private IP ranges
- Authorized penetration testing against Crawl4AI deployments
- JavaScript-heavy crawl tasks submitted by authenticated users in multi-tenant deployments
- Misconfigured reverse proxies routing unrelated traffic through Crawl4AI ports
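The following is an added example, not code from the page or from the Crawl4AI project, that reproduces the SPL query's logic in Python so the classification, grouping and risk scoring can be exercised offline against constructed access-log lines. It also implements the first tuning case from the false-positives list above as an allowlist of known internal crawl targets. It assumes a custom nginx log_format (combined format with "$server_addr:$server_port" and "$http_authorization" appended); the sample lines use RFC 5737 documentation addresses and are constructed, not captured traffic.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Endpoint and port filters mirror the SPL query on this page.
ENDPOINT_RE = re.compile(r"(?i)/(?:crawl|screenshot|execute_js|extract|batch|health)")
CRAWL4AI_PORTS = {11235, 8080, 8000, 8001}

# (field, pattern, label): evaluated top to bottom, first match wins, like SPL case().
THREAT_RULES = [
    ("uri_path",  re.compile(r"(?i)(\.\./|%2e%2e|%252e%252e|\.\.%2f)"), "PathTraversal-FileWrite"),
    ("uri_query", re.compile(r"(?i)(file://|gopher://|dict://)"), "SSRF-AltScheme"),
    ("uri_query", re.compile(r"169\.254\.169\.254"), "SSRF-CloudMetadata"),
    ("uri_query", re.compile(r"(?i)(127\.0\.0\.1|localhost|::1)"), "SSRF-Loopback"),
    ("uri_query", re.compile(r"\b(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)"), "SSRF-PrivateRange"),
    ("uri_path",  re.compile(r"(?i)execute_js"), "JSCodeExecution"),
    ("uri_query", re.compile(r"(?i)(<script|javascript:|onerror=|onload=)"), "XSS-Injection"),
]

# Assumed custom log_format (hypothetical, not the page's): combined format plus
# "$server_addr:$server_port" and "$http_authorization" appended at the end.
LOG_RE = re.compile(
    r'^(?P<src_ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<user_agent>[^"]*)" '
    r'"(?P<dest_ip>[^:"]+):(?P<dest_port>\d+)" "(?P<authz>[^"]*)"$'
)

# Constructed sample events (RFC 5737 addresses), assumed to be in time order.
SAMPLE_LOGS = [
    '203.0.113.10 - - [12/May/2026:10:01:02 +0000] "POST /crawl?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512 "-" "python-requests/2.31" "192.0.2.5:11235" "-"',
    '203.0.113.10 - - [12/May/2026:10:01:05 +0000] "POST /execute_js?url=http://example.com HTTP/1.1" 200 88 "-" "python-requests/2.31" "192.0.2.5:11235" "-"',
    '203.0.113.10 - - [12/May/2026:10:01:09 +0000] "POST /screenshot?url=file:///etc/hostname HTTP/1.1" 200 2048 "-" "python-requests/2.31" "192.0.2.5:11235" "-"',
    '198.51.100.7 - - [12/May/2026:10:02:00 +0000] "POST /crawl?url=http://10.20.30.40/wiki/index HTTP/1.1" 200 9000 "-" "crawl-scheduler/1.0" "192.0.2.5:8080" "Bearer scheduler-token-1"',
    '198.51.100.7 - - [12/May/2026:10:02:30 +0000] "GET /health HTTP/1.1" 200 20 "-" "crawl-scheduler/1.0" "192.0.2.5:8080" "Bearer scheduler-token-1"',
    '198.51.100.9 - - [12/May/2026:10:03:00 +0000] "GET /crawl HTTP/1.1" 404 0 "-" "Mozilla/5.0" "192.0.2.5:443" "-"',
    '203.0.113.10 - - [12/May/2026:10:03:10 +0000] "GET /static/app.js HTTP/1.1" 200 300 "-" "Mozilla/5.0" "192.0.2.5:11235" "-"',
]


def parse_line(line):
    """Parse one log line into the field names the SPL query uses; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    return {
        "_time": m["time"],
        "src_ip": m["src_ip"],
        "dest_ip": m["dest_ip"],
        "dest_port": int(m["dest_port"]),
        "uri_path": path,
        "uri_query": query,
        "http_authorization": "" if m["authz"] == "-" else m["authz"],
    }


def in_scope(ev):
    """Equivalent of the uri_path and port_num where-clauses."""
    return bool(ENDPOINT_RE.search(ev["uri_path"])) and ev["dest_port"] in CRAWL4AI_PORTS


def classify(ev):
    """Equivalent of the threat_type case(); default label is SuspiciousAPICall."""
    for field, pattern, label in THREAT_RULES:
        if pattern.search(ev[field]):
            return label
    return "SuspiciousAPICall"


def crawl_target_host(ev):
    """Hostname of the url= query parameter, or None when absent (e.g. file:// URLs)."""
    urls = parse_qs(ev["uri_query"]).get("url")
    return urlparse(urls[0]).hostname if urls else None


def risk_score(threat_types):
    if threat_types & {"SSRF-CloudMetadata", "PathTraversal-FileWrite"}:
        return 95
    if "JSCodeExecution" in threat_types:
        return 85
    return 70


def detect(lines, allowlisted_hosts=frozenset()):
    """Group in-scope events by (src_ip, dest_ip, auth_header) and score them like the SPL."""
    groups = defaultdict(lambda: {"count": 0, "paths": set(), "threats": set(), "first": None, "last": None})
    for line in lines:
        ev = parse_line(line)
        if ev is None or not in_scope(ev):
            continue
        # Tuning for the first false-positive case: authorized crawls of known internal hosts.
        if crawl_target_host(ev) in allowlisted_hosts:
            continue
        auth = "NoAuth" if len(ev["http_authorization"]) < 5 else "HasAuth"
        g = groups[(ev["src_ip"], ev["dest_ip"], auth)]
        g["count"] += 1
        g["paths"].add(ev["uri_path"])
        g["threats"].add(classify(ev))
        g["first"] = g["first"] or ev["_time"]
        g["last"] = ev["_time"]
    results = []
    for (src, dst, auth), g in groups.items():
        if g["count"] < 2 and len(g["threats"]) <= 1:  # same threshold as the SPL where-clause
            continue
        results.append({
            "first_seen": g["first"], "last_seen": g["last"], "src_ip": src, "dest_ip": dst,
            "request_count": g["count"], "unique_paths": len(g["paths"]),
            "paths_accessed": sorted(g["paths"]), "threat_types": sorted(g["threats"]),
            "auth_header": auth, "risk_score": risk_score(g["threats"]),
        })
    results.sort(key=lambda r: -r["risk_score"])
    return results


if __name__ == "__main__":
    for row in detect(SAMPLE_LOGS, allowlisted_hosts={"10.20.30.40"}):
        print(row)
```

Run without an allowlist, the authenticated scheduler at 198.51.100.7 also surfaces (two requests, one of them SSRF-PrivateRange, score 70); passing its internal crawl target in allowlisted_hosts removes that group and leaves only the unauthenticated 203.0.113.10 session scored 95.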
Testing Methodology
Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1: Crawl4AI Unauthenticated API Access Test
  Expected signal: HTTP POST to port 11235 /crawl endpoint with 200 response and no Authorization header in request logs
- Test 2: Crawl4AI SSRF via Cloud Metadata Endpoint
  Expected signal: Outbound HTTP connection from Crawl4AI container to 169.254.169.254:80; logged in container network flow data and potentially in WAF/proxy logs
- Test 3: Crawl4AI Path Traversal File Read via Screenshot Endpoint
  Expected signal: HTTP POST to /screenshot or /crawl with file:// URL scheme in request body; response may contain file contents if vulnerable
- Test 4: Crawl4AI JavaScript Code Injection via execute_js Endpoint
  Expected signal: HTTP POST to /execute_js with js_code parameter containing JavaScript; Crawl4AI process spawning Playwright browser subprocess