Description
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.
Published: 2026-02-12
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Inclusion via file:// URLs enabling arbitrary file read
Action: Immediate Patch
AI Analysis

Impact

Crawl4AI deployments running a version earlier than 0.8.0 contain a flaw in the Docker API where the /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs. An unauthenticated attacker can supply such a URL and the service will read the referenced file from the host filesystem, providing direct access to the contents of that file.

Affected Systems

All installations of Crawl4AI from the vendor unclecode that use Docker and run a version older than 0.8.0 are affected. The vulnerability is in the Docker API implementation of the Crawl4AI package and can be exploited in any environment that exposes the API endpoints directly to the network.

Risk and Exploitability

The flaw carries a CVSS score of 9.2, indicating a high‑severity vulnerability. The EPSS score is below 1% and the issue is not listed in the CISA KEV catalog, but the ease of exploitation—any remote host can send a crafted HTTP request without authentication—is significant. An attacker who controls the file:// target can read sensitive files such as /etc/passwd, /etc/shadow, configuration files, or environment variables, potentially exposing credentials, API keys, and system details.

Generated by OpenCVE AI on April 18, 2026 at 12:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Crawl4AI to version 0.8.0 or later, which removes support for file:// URLs in the affected endpoints.
  • If an upgrade cannot be performed immediately, reconfigure the Docker API to reject or disable all file:// scheme URLs on the /execute_js, /screenshot, /pdf, and /html endpoints.
  • Limit network exposure by restricting the Docker API to trusted internal hosts or by placing a firewall rule that blocks external access to the API ports.

Generated by OpenCVE AI on April 18, 2026 at 12:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vx9w-5cx4-9796 Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
History

Fri, 20 Feb 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Kidocode
Kidocode crawl4ai
CPEs cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*
Vendors & Products Kidocode
Kidocode crawl4ai

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Unclecode
Unclecode crawl4ai
Vendors & Products Unclecode
Unclecode crawl4ai

Thu, 12 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.
Title Crawl4AI < 0.8.0 Docker API Local File Inclusion via file URL Handling
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}

Subscriptions

Kidocode Crawl4ai
Unclecode Crawl4ai
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-12T15:54:14.790Z

Reserved: 2026-02-11T20:08:07.944Z

Link: CVE-2026-26217

cve-icon Vulnrichment

Updated: 2026-02-12T15:54:10.889Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-12T16:16:17.620

Modified: 2026-02-20T16:54:08.060

Link: CVE-2026-26217

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:45:45Z

Weaknesses