PatchSiren

unclecode CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL unclecode CVE published 2026-06-23

CVE-2026-53753

CVE-2026-53753 is a critical vulnerability in Crawl4AI, an open-source LLM-friendly web crawler & scraper. The vulnerability exists in the _safe_eval_expression() function, whose AST validator blocks only attributes that start with an underscore. This allows a complete sandbox escape, enabling an attacker to achieve arbitrary code execution. The attack requires no authentication, as JWT is dis [truncated]