CNNVD-202602-2117 Information

CNNVD ID

CNNVD-202602-2117

CVE-2026-26216

  • CNNVD Published: 2026-02-12

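Description (translated from Chinese)

Crawl4AI is an open-source, LLM-friendly web crawler by the individual developer UncleCode. Crawl4AI versions before 0.8.0 have a code injection vulnerability. It arises because the /crawl endpoint in the Docker API deployment accepts a hooks parameter containing Python code and executes it with exec, which may allow an unauthenticated remote attacker to execute arbitrary system commands and take full control of the server.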

Description (English)

Crawl4AI is an open-source, LLM-friendly web crawler developed by the individual developer UncleCode. Versions of Crawl4AI before 0.8.0 contain a code injection vulnerability: in the Docker API deployment, the /crawl endpoint accepts a hooks parameter containing Python code and executes it with exec, which could allow an unauthenticated remote attacker to execute arbitrary system commands and take complete control of the server.

Hazard Level

Low

Vulnerability Type

Code injection

Affected Vendor

Individual developer

Published

2026-02-12

Last Modified

2026-02-24

References

  • https://github.com/unclecode/crawl4ai/security/advisories/GHSA-5882-5rx9-xgxp
  • https://www.vulncheck.com/advisories/crawl4ai-docker-api-unauthenticated-remote-code-execution-via-hooks-parameter
  • https://github.com/unclecode/crawl4ai/blob/main/docs/blog/release-v0.8.0.md
  • https://access.redhat.com/security/cve/cve-2026-26216

Patch

https://docs.crawl4ai.com/
