216.73.217.64

CVE-2026-26217

· Published 12/02/2026 16:16 · Modified 13/02/2026 14:23

Labels: CVE-2026-26217 2026-02-12CVE-2026-26217CWE-22[email protected]

Essential information

Published
12/02/2026 16:16
Modified
13/02/2026 14:23
Author
Creator
CVSS
9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
crawl4ai / crawl4ai cpe:2.3:a:crawl4ai:crawl4ai:*:*:*:*:*:*:*:*

References