CyberRota
← Ana sayfaya dön

CVE-2026-56258

HIGH · CVSS 8.1 EPSS %0.66 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-23T13:16:44.817 · Çekilme zamanı: 2026-06-30T18:30:00.888642+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit code execution
GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-56258
Severity
HIGH
CVSS
8.1
EPSS
%0.66

Orijinal NVD Açıklaması

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use (TOCTOU) attacks on the output_path parameter. Remote attackers can exploit insufficient path validation and symlink following to achieve arbitrary file write and potential code execution on systems where the runtime user has write access to executable or cron locations.