GHSA-vx9w-5cx4-9796CriticalCVSS 8.6
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
🔗 CVE IDs covered (1)
📋 Description
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem.
Attack Vector:
POST /execute_js
{
"url": "file:///etc/passwd",
"scripts": ["document.body.innerText"]
}
Impact
An unauthenticated attacker can:
- Read sensitive files (/etc/passwd, /etc/shadow, application configs)
- Access environment variables via /proc/self/environ
- Discover internal application structure
- Potentially read credentials and API keys
Workarounds
- Disable the Docker API
- Add authentication to the API
- Use network-level filtering
🎯 Affected products1
- pip/crawl4ai:< 0.8.0
🔗 References (8)
- https://github.com/unclecode/crawl4ai/security/advisories/GHSA-vx9w-5cx4-9796
- https://github.com/unclecode/crawl4ai/blob/release/v0.8.0/docs/blog/release-v0.8.0.md
- https://github.com/unclecode/crawl4ai/blob/release/v0.8.0/docs/migration/v0.8.0-upgrade-guide.md
- https://nvd.nist.gov/vuln/detail/CVE-2026-26217
- https://github.com/unclecode/crawl4ai/blob/main/docs/blog/release-v0.8.0.md
- https://www.vulncheck.com/advisories/crawl4ai-docker-api-local-file-inclusion-via-file-url-handling
- https://github.com/pypa/advisory-database/tree/main/vulns/crawl4ai/PYSEC-2026-34.yaml
- https://github.com/advisories/GHSA-vx9w-5cx4-9796