Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-57572

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0.

View on NVD

Analysis

Crawl4AI versions prior to 0.9.0 are vulnerable to unauthenticated Remote Code Execution (RCE). Attackers can inject malicious Chromium flags via the Docker API to execute arbitrary commands as the container user. Users of the Crawl4AI Docker image should upgrade to 0.9.0 immediately.

Relevant roles

PythonIADockerBackendDataScienceCyberSecurity

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-88CWE-94

EPSS

No EPSS score yet (CVE may be too fresh).

Technical description

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0.

Published: 7/6/2026, 9:16:58 PM
Last modified: 7/6/2026, 9:16:58 PM

References

HomeEventsBlogResourcesTeam