A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem.
Attack Vector:
POST /execute_js
{
"url": "file:///etc/passwd",
"scripts": ["document.body.innerText"]
}
Impact
An unauthenticated attacker can:
- Read sensitive files (/etc/passwd, /etc/shadow, application configs)
- Access environment variables via /proc/self/environ
- Discover internal application structure
- Potentially read credentials and API keys
Workarounds
| Score | Percentile |
|---|---|
| 0.02% | 6.58% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 8.6 | 3.1 | — |
|
| 9.2 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-vx9w-5cx4-9796 ↗ |
| CVE | CVE-2026-26217 ↗ |
| CWE id | Name |
|---|---|
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | crawl4ai | < 0.8.0 | 0.8.0 | — |