PT-2026-50164 · Pypi · Crawl4Ai

Published 2026-06-16 · Updated 2026-06-17 · CVE-2026-53753

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Crawl4AI versions prior to 0.8.7

Description: The safe_eval_expression() function in the computed fields feature uses an AST (Abstract Syntax Tree) validator that only blocks attributes whose names start with an underscore. Because Python generator and frame object attributes such as gi_frame, f_back and f_builtins do not start with an underscore, they can be used to escape the sandbox and achieve arbitrary code execution. An unauthenticated attacker can trigger this by sending a POST /crawl request with a crafted JsonCssExtractionStrategy schema containing a malicious computed field expression. This gives the attacker access to the frame chain, from which f_builtins can be reached to import the os module and execute arbitrary system commands inside the Docker container, potentially leading to file system access and secret exfiltration.

Recommendations: Update to version 0.8.7. Enable JWT authentication via the CRAWL4AI_API_TOKEN environment variable. Restrict network access to the Docker API.
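The root cause above is a deny-list on attribute names that checks only for a leading underscore. The following added example (written for this page; it is not Crawl4AI's code and the function and variable names are assumptions) puts that weak check beside a hardened validator that allow-lists AST node types, variable names and attribute names, and additionally rejects the generator, coroutine, frame and code object attribute prefixes (gi_, cr_, ag_, f_, co_) that the advisory mentions. The hardened validator refuses an expression that merely touches gi_frame, while still evaluating ordinary computed-field arithmetic and string methods.

```python
import ast
from typing import Any, Iterable, Mapping

# Prefixes of generator, coroutine, frame and code object attributes (gi_frame,
# f_back, f_builtins, ...). None begins with an underscore, so an underscore-only
# filter lets all of them through.
INTROSPECTION_PREFIXES = ("gi_", "cr_", "ag_", "f_", "co_")


class UnsafeExpression(ValueError):
    """Raised when a computed-field expression fails validation."""


def weak_validate(expr: str) -> ast.Expression:
    """Weak pattern described in the advisory (hypothetical reconstruction, not
    Crawl4AI's code): only attribute names starting with '_' are rejected."""
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise UnsafeExpression(f"attribute {node.attr!r} is not allowed")
    return tree


# Hardened validator: an allow-list of AST node kinds. Generator expressions,
# lambdas, comprehensions and f-strings are deliberately absent, so no generator,
# function or frame object can be created inside the expression at all.
ALLOWED_NODES = (
    ast.Expression, ast.Constant, ast.Name, ast.expr_context,
    ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.IfExp,
    ast.Attribute, ast.Call, ast.Subscript,
    ast.operator, ast.unaryop, ast.boolop, ast.cmpop,  # abstract operator bases
)


def hardened_validate(expr: str, allowed_names: Iterable[str],
                      allowed_attrs: Iterable[str]) -> ast.Expression:
    """Reject anything that is not explicitly allowed; attribute names must be
    on the allow-list AND must not be interpreter-introspection attributes."""
    names, attrs = frozenset(allowed_names), frozenset(allowed_attrs)
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise UnsafeExpression(f"syntax {type(node).__name__} is not allowed")
        if isinstance(node, ast.Attribute):
            a = node.attr
            if a.startswith("_") or a.startswith(INTROSPECTION_PREFIXES) or a not in attrs:
                raise UnsafeExpression(f"attribute {a!r} is not allowed")
        elif isinstance(node, ast.Name) and node.id not in names:
            raise UnsafeExpression(f"name {node.id!r} is not allowed")
        elif isinstance(node, ast.Call) and not isinstance(node.func, (ast.Name, ast.Attribute)):
            raise UnsafeExpression("only direct calls are allowed")
    return tree


# Attributes a computed field legitimately needs; extend per use case, never with
# anything that hands back frames, code objects or modules.
DEFAULT_ATTRS = frozenset({"strip", "upper", "lower", "get"})


def safe_eval(expr: str, variables: Mapping[str, Any],
              allowed_attrs: Iterable[str] = DEFAULT_ATTRS) -> Any:
    """Validate, then evaluate with an empty builtins table and only the
    declared field variables in scope."""
    tree = hardened_validate(expr, variables.keys(), allowed_attrs)
    code = compile(tree, "<computed_field>", "eval")
    return eval(code, {"__builtins__": {}}, dict(variables))


def weak_allows(expr: str) -> bool:
    try:
        weak_validate(expr)
        return True
    except UnsafeExpression:
        return False


def hardened_allows(expr: str, names: Iterable[str] = (),
                    attrs: Iterable[str] = ()) -> bool:
    try:
        hardened_validate(expr, names, attrs)
        return True
    except UnsafeExpression:
        return False


if __name__ == "__main__":
    # Constructed probe: a bare generator object with its gi_frame attribute read.
    probe = "(x for x in ()).gi_frame"
    print("weak validator allows gi_frame access:", weak_allows(probe))          # True
    print("hardened validator allows gi_frame access:", hardened_allows(probe))  # False
    print(safe_eval("price * qty", {"price": 2.5, "qty": 4}))                    # 10.0
    print(safe_eval("title.strip().upper()", {"title": " crawl4ai "}))           # CRAWL4AI
```

The prefix check is a second line of defence: even if a deployment mistakenly adds f_back to its attribute allow-list, hardened_validate still refuses it. The allow-list of node types is what actually closes the hole the advisory describes, because without GeneratorExp, Lambda or comprehension nodes there is no object in the expression that carries a gi_frame or f_back attribute in the first place.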

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2026-53753
GHSA-QXJP-W3PJ-48M7

Affected Products

Crawl4Ai