Description
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0.
Published: 2026-07-06
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the handling of request-provided browser_config.extra_args in Crawl4AI's Docker API server. Prior to version 0.9.0 these arguments were passed straight into Chromium's launch options, allowing an attacker to inject command switches that replace the child‑process launch command and enable --no-zygote. This gives the attacker the ability to force Chromium to fork or exec an arbitrary command as the container runtime user. Because the Docker API is unauthenticated by default, anyone who can reach the API can trigger this behavior, achieving remote code execution inside the container. The weakness corresponds to input validation failures (CWE‑88) and command injection (CWE‑94).

Affected Systems

The vulnerability affects all installations of Crawl4AI built before version 0.9.0. This includes every instance that uses the open‑source crawler and scraper, regardless of deployment environment, as long as the Docker API remains unprotected. No other products beyond the Crawl4AI project are listed. Upgrading to version 0.9.0 or newer eliminates the flaw.

Risk and Exploitability

The CVSS base score is 10, reflecting that an attacker can gain full code execution without any privilege escalation or lateral movement. The EPSS score is not available, but the lack of authentication and the high severity imply a high likelihood of exploitation in practice. The vulnerability is not listed in CISA's KEV catalog yet, but its severity and the fact that it is fixable via a simple upgrade make it a high‑priority issue. Attackers can exploit it by sending a specially crafted request to the unauthenticated Docker API endpoint that contains malicious browser_config.extra_args, which the server forwards to Chromium and ultimately executes within the container context.

Generated by OpenCVE AI on July 7, 2026 at 05:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Crawl4AI 0.9.0 or later to apply the official fix.
  • Restrict or secure access to the Docker API so that unauthenticated requests cannot reach the endpoint.
  • Sanitize or disable the handling of browser_config.extra_args so that it cannot be injected into Chromium launch options.

Generated by OpenCVE AI on July 7, 2026 at 05:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Unclecode
Unclecode crawl4ai
Vendors & Products Unclecode
Unclecode crawl4ai

Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0.
Title Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
Weaknesses CWE-88
CWE-94
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Unclecode Crawl4ai
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-06T20:16:21.597Z

Reserved: 2026-06-24T18:49:56.207Z

Link: CVE-2026-57572

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T05:30:04Z

Weaknesses
  • CWE-88

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

  • CWE-94

    Improper Control of Generation of Code ('Code Injection')