GHSA-R253-R9JW-QG44: Unauthenticated Remote Code Execution in Crawl4AI via Chromium Launch-Argument Injection
Vulnerability ID: GHSA-R253-R9JW-QG44
CVSS Score: 10.0
Published: 2026-06-18
A critical unauthenticated remote code execution vulnerability exists in Crawl4AI versions up to 0.8.9. The flaw is caused by improper neutralization of command arguments passed to the Chromium process execution engine via the browser_config.extra_args parameter, enabling remote attackers to execute arbitrary shell commands inside the container.
TL;DR
Unauthenticated remote command injection via Chromium process-replacement switches in Crawl4AI <= 0.8.9.
Technical Details
- CWE ID: CWE-88 / CWE-94
- Attack Vector: Network
- CVSS Score: 10.0 (Critical)
- Exploit Status: PoC Available
- Affected Component: Docker API server request parsing
- Patched Version: 0.9.0
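The flaw described above is a missing neutralization step between the request body and the Chromium launcher. The allowlist validator below is an added example and is not Crawl4AI's code or its 0.9.0 fix; the switch names it permits are real Chromium switches, but the selection and the value patterns are constructed for the example. It shows the deny-by-default shape a defender wants for a field like browser_config.extra_args: only explicitly approved switches, each with a constrained value, are ever forwarded to the browser process.

```python
import re

# Allowlist of Chromium switches this deployment is willing to forward to the
# browser process. The switch names are real Chromium switches; which ones are
# permitted and the value patterns are constructed for this example.
# A value pattern of None means the switch must appear without "=value".
ALLOWED_SWITCHES = {
    "--headless": None,
    "--disable-gpu": None,
    "--disable-dev-shm-usage": None,
    "--incognito": None,
    "--window-size": r"\d{2,5},\d{2,5}",
    "--lang": r"[a-z]{2,3}(?:-[A-Z]{2})?",
    "--user-agent": r"[A-Za-z0-9 _.,;:/()-]{1,512}",
}

# Every argument must look like "--name" or "--name=value". Anything else
# (bare words, paths, whitespace, metacharacters) is rejected outright.
_SWITCH_RE = re.compile(r"^(--[a-z][a-z0-9-]*)(?:=(.*))?$", re.DOTALL)


class ExtraArgsRejected(ValueError):
    """Raised when extra_args contains a switch this deployment will not forward."""


def validate_extra_args(extra_args):
    """Return extra_args unchanged if every entry is on the allowlist, else raise.

    Deny-by-default is the point: the advisory's flaw is that arbitrary switches
    reached the Chromium launcher, so the fix pattern is to forward only switches
    that have been explicitly approved, not to block a list of known-bad ones.
    """
    if not isinstance(extra_args, list):
        raise ExtraArgsRejected("extra_args must be a list of strings")
    accepted = []
    for raw in extra_args:
        if not isinstance(raw, str):
            raise ExtraArgsRejected(f"non-string argument: {raw!r}")
        match = _SWITCH_RE.match(raw)
        if match is None:
            raise ExtraArgsRejected(f"malformed switch: {raw!r}")
        name, value = match.group(1), match.group(2)
        if name not in ALLOWED_SWITCHES:
            raise ExtraArgsRejected(f"switch not on allowlist: {name}")
        value_pattern = ALLOWED_SWITCHES[name]
        if value_pattern is None:
            if value is not None:
                raise ExtraArgsRejected(f"{name} does not take a value")
        elif value is None or re.fullmatch(value_pattern, value) is None:
            raise ExtraArgsRejected(f"{name} has an unexpected value: {value!r}")
        accepted.append(raw)
    return accepted


def is_safe_extra_args(extra_args):
    """Boolean form for request gating: True only if every switch is approved."""
    try:
        validate_extra_args(extra_args)
        return True
    except ExtraArgsRejected:
        return False


if __name__ == "__main__":
    # Constructed sample requests: one well-formed, one that must be refused.
    print(validate_extra_args(["--headless", "--window-size=1280,720"]))
    print(is_safe_extra_args(["--headless", "--some-switch-not-on-the-list"]))
```

The value patterns matter as much as the names: a switch that is harmless by itself can still carry an unexpected value into the launcher, so each approved switch gets its own fullmatch constraint rather than a shared "no shell metacharacters" filter.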
Affected Systems
- Crawl4AI self-hosted Docker API server
Mitigation Strategies
- Upgrade Crawl4AI to version 0.9.0 or later
- Enable API Token Authentication
- Restrict network exposure of the container port
Remediation Steps
- Pull the official Docker image tagged with version 0.9.0 or later.
- If using pip, run pip install 'crawl4ai>=0.9.0' to update the library (quote the version specifier so the shell does not treat >= as an output redirect).
- Set the 'CRAWL4AI_API_TOKEN' environment variable in your deployment configuration to enable authorization checks.
- Bind the container API port (11235) to 127.0.0.1 or place it behind a firewall/VPN.
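The last two remediation steps are configuration checks that are easy to get wrong silently. The audit helper below is an added example, not part of Crawl4AI or its Docker image: it takes the environment variable name (CRAWL4AI_API_TOKEN) and port (11235) from this advisory, assumes the token is presented as an Authorization: Bearer header, and deliberately fails closed when no token is configured, which is stricter than "unset means unauthenticated". It checks a deployment's Docker port mappings for the API port being published beyond loopback and validates a presented token with a constant-time comparison.

```python
import hmac

# Names taken from the advisory; the Bearer header form is an assumption of
# this example, not a statement about how the project reads its token.
TOKEN_ENV = "CRAWL4AI_API_TOKEN"
API_PORT = 11235
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def authorize(headers, configured_token):
    """Return (allowed, reason). Fails closed when no token is configured."""
    if not configured_token:
        return False, "no API token configured; refusing all requests"
    auth = headers.get("Authorization") or headers.get("authorization") or ""
    scheme, _, presented = auth.partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False, "missing bearer token"
    # compare_digest avoids leaking the token length/prefix via timing.
    if not hmac.compare_digest(presented.encode(), configured_token.encode()):
        return False, "invalid token"
    return True, "ok"


def audit_port_mappings(mappings):
    """Flag Docker/Compose port mappings that publish API_PORT beyond loopback.

    Accepts the usual forms: "containerport", "hostport:containerport" and
    "host:hostport:containerport", optionally suffixed with "/tcp" or "/udp".
    Bracketed IPv6 hosts are not handled; the example assumes IPv4 or hostnames.
    """
    findings = []
    for mapping in mappings:
        parts = mapping.split(":")
        if len(parts) == 1:
            host, container_port = "0.0.0.0", parts[0]
        elif len(parts) == 2:
            host, container_port = "0.0.0.0", parts[1]
        else:
            host, container_port = ":".join(parts[:-2]), parts[-1]
        container_port = container_port.split("/")[0]
        if container_port == str(API_PORT) and host not in LOOPBACK_HOSTS:
            findings.append(
                f"{mapping}: API port published on {host}; bind to 127.0.0.1 "
                f"or place it behind a firewall/VPN"
            )
    return findings


def audit_environment(env):
    """Flag a deployment whose environment never enables the token check."""
    findings = []
    if not env.get(TOKEN_ENV):
        findings.append(f"{TOKEN_ENV} unset: API accepts unauthenticated requests")
    return findings


def audit_deployment(env, mappings):
    """Combine both checks; an empty list means the two config steps are done."""
    return audit_environment(env) + audit_port_mappings(mappings)


if __name__ == "__main__":
    # Constructed sample deployments: the weak setting beside the corrected one.
    weak = audit_deployment({}, ["11235:11235"])
    fixed = audit_deployment({TOKEN_ENV: "example-token"}, ["127.0.0.1:11235:11235"])
    for finding in weak:
        print("weak:", finding)
    print("fixed deployment findings:", fixed)
```

Run the audit against the same environment and port list you hand to docker run or docker compose; a mapping without an explicit host publishes on every interface, which is why the bare "11235:11235" form is reported.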
References
- GitHub Security Advisory GHSA-R253-R9JW-QG44
- Crawl4AI Repository
- Vulnerability Fix Commit
- Vulnerability Documentation Commit
- Crawl4AI Migration Guide (0.9.0)