CNNVD-202602-2116 Information

CNNVD ID

CNNVD-202602-2116

CVE-2026-26217

  • CNNVD Published: 2026-02-12

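Description (translated from Chinese)

Crawl4AI is an open-source, LLM-friendly web crawler by the individual developer UncleCode. Versions of Crawl4AI before 0.8.0 contain a path traversal vulnerability. It stems from multiple endpoints in the Docker API deployment accepting file:// URLs, which may allow an unauthenticated remote attacker to read arbitrary files from the server's file system.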

Description (English)

Crawl4AI is an open-source, LLM-friendly web crawler developed by the individual developer UncleCode. Versions of Crawl4AI prior to 0.8.0 have a path traversal vulnerability: multiple endpoints in the Docker API deployment accept file:// URLs, which could allow unauthenticated remote attackers to read arbitrary files on the server's file system.

Hazard Level

Medium

Vulnerability Type

Path traversal

Affected Vendor

Individual developer

Published

2026-02-12

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/crawl4ai-docker-api-local-file-inclusion-via-file-url-handling
  • https://github.com/unclecode/crawl4ai/security/advisories/GHSA-vx9w-5cx4-9796
  • https://github.com/unclecode/crawl4ai/blob/main/docs/blog/release-v0.8.0.md
  • https://access.redhat.com/security/cve/cve-2026-26217

Patch

https://docs.crawl4ai.com/
