Arbitrary Command Execution in Crawl4AI Web Crawler by UncleCode
CVE-2026-57572
10CRITICAL
What is CVE-2026-57572?
Crawl4AI, an open-source web crawler, has a security issue that allows attackers to exploit its unauthenticated Docker API. In versions before 0.9.0, the application accepted user-supplied arguments that could manipulate Chromium's launch commands, allowing for arbitrary command execution under the runtime user's privileges. This vulnerability poses a significant risk, as it can potentially compromise the security of the hosting environment. Users are advised to upgrade to version 0.9.0 or later to mitigate this risk.
Affected Version(s)
crawl4ai < 0.9.0
