LeakyCreds

CVE-2026-32857 - Vulnerability Analysis

High (CVSS: 8.6)

Last Updated: March 27, 2026

Firecrawl - Server-Side Request Forgery

Published: March 26, 2026
Updated: March 27, 2026
Remote Exploitable

Overview

Firecrawl <= 2.8.0 contains a server-side request forgery (SSRF) protection bypass caused by incomplete network policy validation on redirected URLs in the Playwright scraping service. This lets attackers access internal network services via redirects. Exploitation requires the attacker to supply a valid external URL that redirects to an internal destination.
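The check that closes this class of bypass is applying the network policy to every hop of a redirect chain, not only to the submitted URL. The following is an added example, not Firecrawl's code or its fix; the blocked ranges, the `resolve` callback, and the sample hostnames and addresses are assumptions constructed for illustration.

```javascript
// Added example: BLOCKED_V4 and the resolver are assumptions, not Firecrawl's policy.
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted-quad string -> unsigned 32-bit number, or null when not strict IPv4.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  const ok = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}

// True for loopback, private, link-local and CGNAT ranges; fails closed on non-IPv4.
function isBlockedAddress(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return true;
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(ipv4ToInt(base) / size);
  });
}

// hops[0] is the submitted URL; later entries are redirect Location values.
// resolve(hostname) is a caller-supplied (hypothetical) lookup returning IP strings.
// Returns the index of the first hop that violates the policy, or -1 if none does.
function firstBlockedHop(hops, resolve) {
  let base;
  for (let i = 0; i < hops.length; i++) {
    let url;
    try { url = new URL(hops[i], base); } catch { return i; }
    if (url.protocol !== "http:" && url.protocol !== "https:") return i;
    const addrs = ipv4ToInt(url.hostname) !== null ? [url.hostname] : resolve(url.hostname);
    if (addrs.length === 0 || addrs.some(isBlockedAddress)) return i;
    base = url.href; // relative Location values resolve against the previous hop
  }
  return -1;
}

// Constructed DNS answers for the sample chains (documentation names and addresses).
const SAMPLE_DNS = {
  "public.example": ["203.0.113.10"],
  "redirector.example": ["198.51.100.7"],
  "intranet.example": ["10.0.0.5"],
};
const sampleResolve = (host) => SAMPLE_DNS[host] || [];
```

A check against resolved names only holds if the connection is then made to the address that was checked, so in a real scraper the policy belongs at the point where each request, including redirected ones, is actually issued.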

Severity & Score

Severity: High
CVSS Score: 8.6

Impact

Attackers can access internal network services and sensitive endpoints by bypassing SSRF protections via redirects.

Mitigation

Update to the latest version beyond 2.8.0.

Details

CVE ID: CVE-2026-32857
Severity: High
CVSS Score: 8.6
Type: server_side_request_forgery
Status: new

CWE

  • CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N