DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-5882-5RX9-XGXP: Crawl4AI RCE: Hook, Line, and Sinker into Your Docker Container


Vulnerability ID: GHSA-5882-5RX9-XGXP
CVSS Score: 10.0
Published: 2026-01-16

A critical Remote Code Execution (RCE) vulnerability in Crawl4AI's Docker deployment allows unauthenticated attackers to execute arbitrary Python code via the hooks parameter, bypassing a flimsy sandbox.

TL;DR

Crawl4AI, a web scraper for LLMs, exposed an unauthenticated API endpoint that accepted custom Python code for 'hooks'. The developers attempted to sandbox this using exec() but accidentally allowed __import__. Attackers can send a JSON payload to the /crawl endpoint to execute system commands as root inside the Docker container, potentially stealing API keys or pivoting within the network. Fixed in version 0.8.0.
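The sandbox gap described above (an exec() namespace that still exposes `__import__`) is easiest to see next to a defensive gate. The following is an added example, not Crawl4AI's own code: a static AST pre-screen that rejects imports, dangerous builtins and dunder attribute access, followed by exec() against an allow-listed builtins dict from which `__import__` is deliberately absent. The hook signature and sample bodies are constructed for illustration, and the gate is defense in depth for deployments that must keep hooks enabled behind authentication, not a sound sandbox.

```python
import ast
import builtins

# Builtins that give untrusted hook code a path to modules or the filesystem.
BLOCKED_NAMES = {"__import__", "eval", "exec", "compile", "open", "getattr",
                 "globals", "vars", "breakpoint"}
# Allow-list for the exec() namespace: __import__ is deliberately absent,
# which is the gap the advisory describes in the pre-0.8.0 sandbox.
ALLOWED_BUILTINS = ("len", "str", "int", "float", "bool", "list", "dict",
                    "range", "min", "max", "isinstance", "enumerate")

def screen_hook_source(src: str) -> list[str]:
    """Static pre-screen. Returns reasons to reject; empty means it passed."""
    try:
        tree = ast.parse(src)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    reasons = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            reasons.append(f"import statement at line {node.lineno}")
        elif isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            reasons.append(f"use of {node.id!r} at line {node.lineno}")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # Dunder attribute access is how object internals (and through
            # them, the builtins removed above) get reached; reject it outright.
            reasons.append(f"dunder attribute {node.attr!r} at line {node.lineno}")
    return reasons

def load_hook(src: str) -> dict:
    """Screen the source, then exec it with an allow-listed builtins dict.
    Still not a sound sandbox: only accept hooks from authenticated callers."""
    reasons = screen_hook_source(src)
    if reasons:
        raise ValueError("hook rejected: " + "; ".join(reasons))
    namespace = {"__builtins__": {n: getattr(builtins, n) for n in ALLOWED_BUILTINS}}
    exec(compile(src, "<hook>", "exec"), namespace)
    return namespace

# Constructed sample hook bodies (hypothetical signature, not Crawl4AI's real one).
BENIGN_HOOK = "def on_page(page):\n    return len(page['html'])\n"
UNSAFE_HOOK = "def on_page(page):\n    return __import__('os').getcwd()\n"

if __name__ == "__main__":
    print("benign:", screen_hook_source(BENIGN_HOOK))   # []
    print("unsafe:", screen_hook_source(UNSAFE_HOOK))   # one '__import__' finding
    print(load_hook(BENIGN_HOOK)["on_page"]({"html": "<p>hi</p>"}))  # 9
```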


⚠️ Exploit Status: Proof of concept (PoC)

Technical Details

  • Vulnerability Type: Remote Code Execution (RCE)
  • CWE ID: CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code)
  • CVSS Score: 10.0 (Critical)
  • Attack Vector: Network (API)
  • Authentication: None
  • Affected Component: Docker API / Hook Manager

Affected Systems

  • Crawl4AI < 0.8.0 (fixed in 0.8.0), in particular Docker deployments
  • Any system exposing the Crawl4AI /crawl endpoint to untrusted networks

Exploit Details

Mitigation Strategies

  • Upgrade to Crawl4AI v0.8.0 or later immediately.
  • Ensure the Docker container is not exposed directly to the public internet.
  • Implement an authentication layer (Reverse Proxy) in front of the API.
  • Run the Docker container with a non-root user to limit impact if compromised.

Remediation Steps:

  1. Pull the latest Docker image: docker pull unclecode/crawl4ai:latest
  2. Restart your container instances.
  3. Verify the version is >= 0.8.0.
  4. Ensure CRAWL4AI_HOOKS_ENABLED is NOT set to true unless absolutely necessary and the endpoint is secured.

Read the full report for GHSA-5882-5RX9-XGXP on our website for more details including interactive diagrams and full exploit analysis.
