CVE-2026-46497 | THREATINT – Canadian Cyber Watch

Description

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.

PUBLISHED Reserved 2026-05-14 | Published 2026-06-10 | Updated 2026-06-10 | Assigner GitHub_M

LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-918: Server-Side Request Forgery (SSRF)

Product status

>= 1.0.0, < 1.7.0
affected

References

github.com/…python/security/advisories/GHSA-3r75-xc34-5f44

github.com/apify/crawlee-python/releases/tag/v1.7.0

cve.org (CVE-2026-46497)

nvd.nist.gov (CVE-2026-46497)

Download JSON

Source link

What's Hot

FBI disrupts massive AI-powered phishing service using a million URLs

Ex-school district employee jailed for hacks on former employer

Scientists Discover Vast Ancient ‘Necropolis’ Teeming With Strange New Creatures

CISA Adds One Known Exploited Vulnerability to Catalog

FreePBX security advisory (AV26–596) – Canadian Centre for Cyber Security

SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

Catchy & Intriguing

IP Address Investigations and Local OSINT

Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular