PT-2026-7855 · Crawl4Ai · Crawl4Ai

Neo · Published 2026-01-16 · Updated 2026-02-20 · CVE-2026-26216

CVSS v3.1: 10 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Crawl4AI versions prior to 0.8.0
Description: Crawl4AI is affected by a remote code execution issue in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed with exec(). Because the __import__ builtin was included in the allowed builtins, an unauthenticated remote attacker can import arbitrary modules and execute system commands. Successful exploitation can lead to full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks. An example attack vector is a POST request to the /crawl endpoint whose JSON payload carries malicious code in the hooks parameter.
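The following is an added example, not Crawl4AI's code, that shows the mechanism the description names: an exec() "sandbox" whose allowed builtins include __import__ lets hook code resolve any import statement, while an allowlist without __import__ makes the import statement itself fail. The run_hook() function, the two builtin dictionaries and the HOOK string are constructed for this illustration (the hook only imports the math module), and do not reproduce the real Crawl4AI hook runner.

```python
"""Added example (not Crawl4AI's code): why an exec() "sandbox" whose allowed
builtins include __import__ is no sandbox at all.

run_hook() is a hypothetical stand-in for the kind of hook runner the advisory
describes; the real Crawl4AI implementation is not reproduced here."""

import builtins


def run_hook(code: str, allowed_builtins: dict) -> dict:
    """Execute hook code with only the given builtins exposed.

    Returns the namespace the code populated so callers can inspect results.
    """
    namespace = {"__builtins__": allowed_builtins}
    exec(code, namespace)
    return namespace


# The weak configuration: __import__ is on the allowlist, so any "import x"
# statement inside the hook resolves, and x can be any installed module.
WEAK_BUILTINS = {"__import__": builtins.__import__, "len": len, "print": print}

# A stricter allowlist without __import__: the import statement raises
# ImportError. This is NOT a complete fix: exec() of untrusted code cannot be
# made safe by pruning builtins alone (attribute traversal can still reach
# interpreter internals), which is why the advisory's fix is upgrading or
# disabling the API rather than filtering the hook code.
STRICT_BUILTINS = {"len": len, "print": print}

# Constructed, benign hook for this example: it imports only the math module,
# which is enough to show whether imports resolve under a given allowlist.
HOOK = "import math\nresult = math.sqrt(16)\n"


def import_allowed(allowed_builtins: dict) -> bool:
    """True if HOOK could import a module under this builtins allowlist."""
    try:
        ns = run_hook(HOOK, allowed_builtins)
    except ImportError:
        # CPython raises "ImportError: __import__ not found" when the builtins
        # mapping handed to exec() has no __import__ entry.
        return False
    return ns.get("result") == 4.0


if __name__ == "__main__":
    print("weak  :", import_allowed(WEAK_BUILTINS))    # True
    print("strict:", import_allowed(STRICT_BUILTINS))  # False
```

The point for a reviewer of any similar "restricted exec" design is in the comment above STRICT_BUILTINS: removing __import__ closes the specific path this advisory describes, but it does not turn exec() into a sandbox, so the only durable mitigation is not executing caller-supplied code at all.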
Recommendations: Versions prior to 0.8.0 should be upgraded to version 0.8.0. If an immediate upgrade is not possible, disable the Docker API. Alternatively, block the /crawl endpoint at the network level. Add authentication to the API.
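As an added example, not part of the advisory or of Crawl4AI, the guard below implements the interim recommendations for a deployment that cannot upgrade yet: it requires an API key, refuses the /crawl endpoint outright, and as defense in depth rejects any JSON body carrying a hooks parameter. Where the guard runs (a reverse proxy, a WSGI/ASGI middleware), the X-API-Key header name and the EXPECTED_API_KEY value are assumptions made for this example.

```python
"""Added example (not Crawl4AI's code): a request-level guard applying the
advisory's interim mitigations for a pre-0.8.0 deployment.

The header name X-API-Key, the key value and the placement of this function
in front of the API are assumptions for this example."""

import hmac
import json
from dataclasses import dataclass

# Constructed for this example; a real deployment loads this from secrets storage.
EXPECTED_API_KEY = "example-key-replace-me"

# Endpoints disabled until the upgrade to 0.8.0 is done.
BLOCKED_PATHS = {"/crawl"}


@dataclass
class Decision:
    allowed: bool
    reason: str


def guard_request(method: str, path: str, headers: dict, body: bytes) -> Decision:
    """Decide whether a request may be forwarded to the Crawl4AI API.

    Authentication is checked first so unauthenticated callers learn nothing
    about which paths or parameters are filtered behind it.
    """
    presented = headers.get("X-API-Key", "")
    if not hmac.compare_digest(presented.encode(), EXPECTED_API_KEY.encode()):
        return Decision(False, "missing or invalid API key")

    if path in BLOCKED_PATHS:
        return Decision(False, f"{path} is disabled pending upgrade to 0.8.0")

    # Defense in depth: the advisory names 'hooks' as the parameter whose
    # contents reach exec(), so refuse it on any path that carries a body.
    if method.upper() in ("POST", "PUT", "PATCH") and body:
        try:
            payload = json.loads(body)
        except ValueError:
            return Decision(False, "body is not valid JSON")
        if isinstance(payload, dict) and "hooks" in payload:
            return Decision(False, "hooks parameter is not accepted")

    return Decision(True, "ok")


if __name__ == "__main__":
    ok_headers = {"X-API-Key": EXPECTED_API_KEY}
    print(guard_request("POST", "/crawl", {}, b"{}"))
    print(guard_request("POST", "/crawl", ok_headers, b"{}"))
    print(guard_request("POST", "/other", ok_headers, b'{"hooks": {}}'))
    print(guard_request("POST", "/other", ok_headers, b'{"urls": ["https://example.com"]}'))
```

Rejections are logged with the reason string in Decision, which gives a SOC a cheap detection signal: any request refused with "hooks parameter is not accepted" against an internal crawler is worth a look, since no legitimate client should be sending that field while the endpoint is disabled.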

Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-26216
GHSA-5882-5RX9-XGXP
PYSEC-2026-33

Affected Products

Crawl4Ai