PT-2026-51224 · Crawl4Ai · Crawl4Ai

August829 +6 · Published 2026-06-21 · Updated 2026-06-21 · CVE-2026-56265

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Crawl4AI versions prior to 0.8.7

Description

The Docker API server contains an authentication bypass issue caused by a hardcoded default JWT (JSON Web Token) signing key. A JWT is a compact, URL-safe means of representing claims to be transferred between two parties. Because the secret used to sign these tokens is publicly known, a remote attacker can forge valid tokens for any user to bypass authentication and gain full access to protected functionality.

Recommendations

Update to version 0.8.7.
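
The mitigation pattern for this class of weakness, as an added example that is not Crawl4AI's code or its 0.8.7 fix: a startup guard that refuses a missing, placeholder or short signing key, followed by HS256 verification that pins the algorithm and compares signatures in constant time. The `JWT_SECRET_KEY` variable name, the placeholder list and the function names are assumptions, and expiry checks are left out to keep the focus on key handling.

```python
import base64, hashlib, hmac, json

# Constructed placeholder values, not Crawl4AI's actual default key.
KNOWN_DEFAULTS = {"changeme", "secret", "mysecret", "your-secret-key"}
MIN_KEY_BYTES = 32  # HS256 keys should be at least as long as the hash output


def load_signing_key(env):
    """Return the HS256 key from env, refusing defaults and short keys."""
    key = env.get("JWT_SECRET_KEY", "")  # variable name is an assumption
    if not key:
        raise RuntimeError("JWT_SECRET_KEY is not set; refusing to start")
    if key.lower() in KNOWN_DEFAULTS:
        raise RuntimeError("JWT_SECRET_KEY is a known default; refusing to start")
    if len(key.encode()) < MIN_KEY_BYTES:
        raise RuntimeError("JWT_SECRET_KEY is shorter than 32 bytes")
    return key.encode()


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def _b64url_decode(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def issue_token(claims, key):
    """Server-side issuance: header.payload.signature with HMAC-SHA256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signing_input = header + b"." + payload
    sig = _b64url(hmac.new(key, signing_input, hashlib.sha256).digest())
    return (signing_input + b"." + sig).decode()


def verify_token(token, key):
    """Return the claims if the signature checks out under key, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.encode().split(b".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
            return None
        expected = hmac.new(key, header_b64 + b"." + payload_b64, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except (ValueError, AttributeError):
        return None
```

A per-deployment key can be generated with `secrets.token_urlsafe(48)` and supplied through the container's environment or a secrets manager rather than baked into the image.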

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2026-56265

Affected Products

Crawl4Ai