PT-2026-4847 · Pypi · Crawl4Ai

Published: 2026-01-16 · Updated: 2026-01-16

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands.
Attack Vector:
```json
POST /crawl
{
  "urls": ["https://example.com"],
  "hooks": {
    "code": {
      "on_page_context_created": "async def hook(page, context, **kwargs):\n    __import__('os').system('malicious command')\n    return page"
    }
  }
}
```

Impact

An unauthenticated attacker can:
  • Execute arbitrary system commands
  • Read/write files on the server
  • Exfiltrate sensitive data (environment variables, API keys)
  • Pivot to internal network services
  • Completely compromise the server

Mitigation

  1. Upgrade to v0.8.0 (recommended)
  2. If unable to upgrade immediately:
  • Disable the Docker API
  • Block /crawl endpoint at network level
  • Add authentication to the API

Fix Details

  1. Removed __import__ from allowed builtins in hook_manager.py
  2. Hooks disabled by default (CRAWL4AI_HOOKS_ENABLED=false)
  3. Users must explicitly opt-in to enable hooks
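The defect and both fix points, as an added, constructed model in Python: it is not Crawl4AI's hook_manager.py, the hooks are plain functions rather than async, and a harmless os.getpid() stands in for the advisory's system command. It shows that the import statement and the __import__() call both resolve through the builtins dict handed to exec(), so dropping __import__ from that dict blocks either form, and that the opt-in gate stops the hook before any code runs.

```python
"""Constructed model of an exec()-based hook loader (added example, not Crawl4AI code)."""

# Two constructed hook bodies in the shape the /crawl "hooks" parameter carries.
# Both reach os only through the import machinery; getpid() replaces a shell command.
HOOK_DUNDER = (
    "def hook(page, context, **kwargs):\n"
    "    return __import__('os').getpid()\n"
)
HOOK_STMT = (
    "def hook(page, context, **kwargs):\n"
    "    import os\n"
    "    return os.getpid()\n"
)

# Builtins a hook legitimately needs; the vulnerable release also listed __import__.
BASE_BUILTINS = {"len": len, "str": str, "range": range, "print": print}


def run_hook(source, allow_import, hooks_enabled=True):
    """Compile and call a hook under a restricted builtins dict.

    Returns ("disabled", None), ("blocked", <exception name>) or
    ("executed", <hook return value>).
    """
    if not hooks_enabled:                      # opt-in gate, like CRAWL4AI_HOOKS_ENABLED
        return ("disabled", None)
    builtins = dict(BASE_BUILTINS)
    if allow_import:                           # the vulnerable configuration
        builtins["__import__"] = __import__
    namespace = {"__builtins__": builtins}     # exec() resolves builtins through this dict
    try:
        exec(source, namespace)                # defines hook() in the namespace
        return ("executed", namespace["hook"](page=None, context=None))
    except (NameError, ImportError) as exc:    # no __import__: both import forms fail
        return ("blocked", type(exc).__name__)


# Note: removing __import__ closes this path, but a restricted-builtins exec() is
# still not a sandbox, which is why the hooks-off default is the stronger fix.

if __name__ == "__main__":
    for label, src in (("__import__()", HOOK_DUNDER), ("import stmt", HOOK_STMT)):
        print(label, "vulnerable:", run_hook(src, allow_import=True))
        print(label, "fixed:     ", run_hook(src, allow_import=False))
    print("default:", run_hook(HOOK_DUNDER, allow_import=True, hooks_enabled=False))
```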

Credits

Discovered by Neo by ProjectDiscovery (https://projectdiscovery.io)

Fix

Code Injection


Weakness Enumeration

Related identifiers

GHSA-5882-5RX9-XGXP

Affected products

Crawl4Ai