Security Advisory

CVE-2026-26217

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-12 15:33:27
Last updated 2026-06-23 16:13:59
Assigner VulnCheck
State PUBLISHED

Description

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.