Arbitrary Command Execution in Crawl4AI Web Crawler by UncleCode
CVE-2026-57572

10CRITICAL

Key Information:

Vendor

Unclecode

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2026-57572?

Crawl4AI, an open-source web crawler, has a security issue that allows attackers to exploit its unauthenticated Docker API. In versions before 0.9.0, the application accepted user-supplied arguments that could manipulate Chromium's launch commands, allowing for arbitrary command execution under the runtime user's privileges. This vulnerability poses a significant risk, as it can potentially compromise the security of the hosting environment. Users are advised to upgrade to version 0.9.0 or later to mitigate this risk.

Affected Version(s)

crawl4ai < 0.9.0

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.