Impact
The flaw lies in the handling of request-provided browser_config.extra_args in Crawl4AI's Docker API server. Prior to version 0.9.0 these arguments were passed straight into Chromium's launch options, allowing an attacker to inject command switches that replace the child‑process launch command and enable --no-zygote. This gives the attacker the ability to force Chromium to fork or exec an arbitrary command as the container runtime user. Because the Docker API is unauthenticated by default, anyone who can reach the API can trigger this behavior, achieving remote code execution inside the container. The weakness corresponds to input validation failures (CWE‑88) and command injection (CWE‑94).
Affected Systems
The vulnerability affects all installations of Crawl4AI built before version 0.9.0. This includes every instance that uses the open‑source crawler and scraper, regardless of deployment environment, as long as the Docker API remains unprotected. No other products beyond the Crawl4AI project are listed. Upgrading to version 0.9.0 or newer eliminates the flaw.
Risk and Exploitability
The CVSS base score is 10, reflecting that an attacker can gain full code execution without any privilege escalation or lateral movement. The EPSS score is not available, but the lack of authentication and the high severity imply a high likelihood of exploitation in practice. The vulnerability is not listed in CISA's KEV catalog yet, but its severity and the fact that it is fixable via a simple upgrade make it a high‑priority issue. Attackers can exploit it by sending a specially crafted request to the unauthenticated Docker API endpoint that contains malicious browser_config.extra_args, which the server forwards to Chromium and ultimately executes within the container context.
OpenCVE Enrichment