{"vulnerability": "cve-2026-57571", "sightings": [{"uuid": "224df6d8-286c-45b7-ae56-db5f614d387d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57571", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpz26euuhl2b", "content": "CVE-2026-57571\nThe Crawl4AI web crawler and scraper saves downloaded files using user-controlled names, potentially allowing attackers to write files anywhere on the system. This could lead to remote code execution if an\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-06T21:34:07.093135Z"}, {"uuid": "2b6a745e-cf16-4bce-b261-98edd1479891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57571", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpz7m2dufn2t", "content": "CVE-2026-57571 - Critical RCE in Crawl4AI. Unrestricted file write via path traversal in filename handling. CVSS 9.6. No patch available. Disable file saving or use sandboxing immediately. #CVE #infosec #cybersecurity\n\nhttps://www.valtersit.com/cve/CVE-2026-57571/", "creation_timestamp": "2026-07-06T23:11:14.577886Z"}, {"uuid": "57552b3e-ec85-4296-96dc-9e3f1a968e92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57571", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mq4cbokfwz26", "content": "\ud83d\udccc CVE-2026-57571 - Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename wa... https://www.cyberhub.blog/cves/CVE-2026-57571", "creation_timestamp": "2026-07-08T04:37:06.812536Z"}]}