LeakyCreds

CVE-2026-32857 - Vulnerability Analysis

High (CVSS: 8.6)

Last Updated: March 27, 2026

Firecrawl - Server-Side Request Forgery

Published: March 26, 2026 | Updated: March 27, 2026 | Remote Exploitable

Overview

Firecrawl <= 2.8.0 contains a server-side request forgery (SSRF) protection bypass caused by incomplete network policy validation on redirected URLs in the Playwright scraping service. Attackers can use redirects to access internal network services. Exploitation requires the attacker to supply a valid external URL that redirects to an internal destination.

Severity & Score

Severity: High
CVSS Score: 8.6
EPSS Score: 3.0% (Probability of exploitation in next 30 days)

Impact

Attackers can access internal network services and sensitive endpoints by bypassing SSRF protections via redirects.

Mitigation

Update to the latest version beyond 2.8.0.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 29, 2026

🟠 CVE-2026-32857 - High (8.6) Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequen... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32857/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-32857
Severity: High
CVSS Score: 8.6
Type: server_side_request_forgery
Status: new
EPSS: 3.0%
Social Posts: 1

CWE

  • CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score

3.0% (Probability of exploitation in the next 30 days)