CRITICAL🇵🇱 Wersja polska

CVE-2026-26216

CVSS 10.0v4.0pub. 2026-02-12upd. 2026-02-20

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks.

🤖 AI Analysis
How it works

The /crawl endpoint accepts a hooks parameter containing Python code, which is then executed using the exec() function. Among the allowed built-in functions (builtins) was __import__, which enabled dynamic importing of arbitrary Python modules. This allowed an unauthenticated attacker to import system modules (e.g., os, subprocess) and execute arbitrary commands on the server using them. The attack requires no authentication or user interaction.

Impact

Successful exploitation allows an attacker to achieve complete server takeover, including arbitrary system command execution, file read and write operations, sensitive data exfiltration, and lateral movement within internal networks.

Mitigation & patch

Crawl4AI should be updated to version 0.8.0 or newer, in which the vulnerability has been removed. Details regarding the fix are available in the v0.8.0 release notes and in the security advisory GHSA-5882-5rx9-xgxp on GitHub. Until the patch is deployed, consider disabling public access to the /crawl endpoint or implementing firewall rules that restrict access only to trusted IP addresses.

Who is affected

Kidocode Crawl4AI in versions earlier than 0.8.0, deployed via Docker API

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Kidocode Crawl4ai

    APP
    Kidocode
    < 0.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEContainer
CWE
References

Related vulnerabilities

CVE-2026-53753CRITICAL9.8PL ✓ten sam produkt

RCE w Crawl4AI — ucieczka z sandbox poprzez atrybuty generatorów Python

CVE-2026-56258CRITICAL9.2PL ✓ten sam produkt

Crawl4AI: zapis dowolnych plików poza katalogiem przez path traversal i TOCTOU

CVE-2026-56266CRITICAL9.2PL ✓ten sam produkt

SSRF w Crawl4AI — ominięcie blokady adresów wewnętrznych przez IPv6-mapped IPv4

CVE-2026-56265CRITICAL9.3PL ✓ten sam produkt

Obejście uwierzytelnienia w Crawl4AI przez zakodowany klucz JWT

CVE-2026-26217CRITICAL9.2PL ✓ten sam produkt

Path Traversal w Crawl4AI — odczyt dowolnych plików przez file:// URL