CVE-2026-57572

Unclecode · Crawl4ai

Crawl4ai is vulnerable to command injection via the Docker API, allowing unauthenticated attackers to execute arbitrary commands on the host by injecting malicious Chromium launch arguments.

Executive summary

A critical command injection vulnerability in Crawl4ai allows unauthenticated remote attackers to execute arbitrary code on the host system, resulting in total system compromise.

Vulnerability

The vulnerability arises because the Docker API improperly sanitizes the browser_config.extra_args parameter. An unauthenticated attacker can inject malicious Chromium switches, including --no-zygote, to redirect process execution and run arbitrary commands as the container runtime user.

Business impact

Given the CVSS score of 10.0, this is a critical vulnerability that allows complete, unauthenticated control over the host system. Successful exploitation could lead to full data loss, complete system compromise, and the potential for the server to be used as a pivot point into the internal network, causing catastrophic reputational and operational damage.

Remediation

Immediate Action: Update Crawl4ai to version 0.9.0 or later immediately to patch the Docker API input validation.

Proactive Monitoring: Monitor for suspicious processes spawning from the Crawl4ai container and review Docker API traffic for abnormal requests containing unexpected browser configuration arguments.

Compensating Controls: Ensure the container is running with minimal privileges and use a Web Application Firewall (WAF) or network policy to restrict access to the Docker API port to authorized management hosts only.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This vulnerability is of the highest severity and requires immediate attention. Because the service is unauthenticated by default and the vulnerability allows for remote command execution, any exposed Crawl4ai instances should be isolated from the internet until the patch to version 0.9.0 is successfully applied.