Scan free
HIGHCVE-2024-56800CVSS 7.4

CVE-2024-56800: SSRF in Firecrawl Web Scraper

Platform

nodejs

Component

firecrawl

Fixed in

1.1.2

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026
View on NVD
Save

CVE-2024-56800 describes a server-side request forgery (SSRF) vulnerability discovered in Firecrawl, a web scraper designed for large language models. This flaw allows attackers to potentially exfiltrate local network resources by crafting malicious redirects. The vulnerability impacts versions of Firecrawl prior to 1.1.1; a patch was released on December 27th, 2024, and the maintainers confirmed no user data was exposed.

Impact and Attack Scenarios

The SSRF vulnerability in Firecrawl allows an attacker to manipulate the scraping engine into making requests to unintended internal resources. By crafting a malicious website that redirects Firecrawl to a local IP address, an attacker can potentially gain access to sensitive information residing on the local network. This could include internal APIs, databases, or other services that are not directly exposed to the internet. The blast radius extends to any resources accessible from the Firecrawl instance's network, potentially impacting other systems and services within the organization. While the maintainers state no user data was exposed, the potential for lateral movement and access to internal systems remains a significant concern.

Exploitation Context

CVE-2024-56800 was publicly disclosed on December 30th, 2024. The vulnerability is not currently listed on the CISA KEV catalog. No public proof-of-concept exploits have been widely reported, but the SSRF nature of the vulnerability makes it relatively straightforward to exploit. The low barrier to entry increases the likelihood of exploitation, particularly given the widespread use of web scraping tools.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.05% (16% percentile)

CISA SSVC

Exploitationnone
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L7.4HIGHAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeChangedImpact beyond the vulnerable componentConfidentialityLowRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityLowRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
Low — partial or intermittent denial of service. Attacker can degrade performance.

Affected Software

Componentfirecrawl
Vendormendableai
Affected rangeFixed in
< 1.1.1 – < 1.1.11.1.2

Weakness Classification (CWE)

CWE-918

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-56800 is to immediately upgrade Firecrawl to version 1.1.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing strict input validation on the URLs provided to Firecrawl. This can help prevent malicious redirects by only allowing requests to trusted domains. Additionally, implement network segmentation to limit the potential impact of a successful SSRF attack. Monitor Firecrawl logs for suspicious outbound requests to internal IP addresses. While no specific WAF rules are available, generic SSRF detection rules can be applied.

How to fix

Update Firecrawl to version 1.1.1 or higher. If you cannot update, configure a secure proxy for the Playwright services, blocking traffic to local IP addresses. Refer to the documentation for instructions on how to configure the proxy via the `PROXY_SERVER` environment variable.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2024-56800 — SSRF in Firecrawl?

CVE-2024-56800 is a server-side request forgery (SSRF) vulnerability affecting Firecrawl versions prior to 1.1.1, allowing attackers to potentially exfiltrate local network resources.

Am I affected by CVE-2024-56800 in Firecrawl?

You are affected if you are using Firecrawl version 1.1.1 or earlier. Check your installed version and upgrade immediately.

How do I fix CVE-2024-56800 in Firecrawl?

Upgrade Firecrawl to version 1.1.1 or later. If upgrading is not possible, implement strict input validation on URLs.

Is CVE-2024-56800 being actively exploited?

While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability makes it likely to be targeted.

Where can I find the official Firecrawl advisory for CVE-2024-56800?

Refer to the Firecrawl project's official channels and security advisories for the latest information.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs