CVE-2026-26216

CRITICAL10.0EPSS 0.13%

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

Published: 1/16/2026Modified: 5/20/2026
Also known as:GHSA-5882-5rx9-xgxpPYSEC-2026-33

Description

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The `/crawl` endpoint accepts a `hooks` parameter containing Python code that is executed using `exec()`. The `__import__` builtin was included in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands. **Attack Vector:** ```json POST /crawl { "urls": ["https://example.com"], "hooks": { "code": { "on_page_context_created": "async def hook(page, context, **kwargs):\n __import__('os').system('malicious_command')\n return page" } } } ``` ### Impact An unauthenticated attacker can: - Execute arbitrary system commands - Read/write files on the server - Exfiltrate sensitive data (environment variables, API keys) - Pivot to internal network services - Completely compromise the server ### Mitigation 1. **Upgrade to v0.8.0** (recommended) 2. If unable to upgrade immediately: - Disable the Docker API - Block `/crawl` endpoint at network level - Add authentication to the API ### Fix Details 1. Removed `__import__` from `allowed_builtins` in `hook_manager.py` 2. Hooks disabled by default (`CRAWL4AI_HOOKS_ENABLED=false`) 3. Users must explicitly opt-in to enable hooks ### Credits Discovered by Neo by ProjectDiscovery (https://projectdiscovery.io)

Affected packages (2)

CVSS scores

SourceVersionSeverityVector
osvCVSS 4.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
osvCVSS 3.1CRITICAL10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (7)