Crawl4AI < 0.8.0 Docker API Local File Inclusion via file URL Handling
Description
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crawl4AI Docker API before v0.8.0 allows unauthenticated remote file inclusion via file:// URLs in multiple endpoints.
Vulnerability
Overview
Crawl4AI versions prior to 0.8.0 contain a local file inclusion (LFI) vulnerability in the Docker API deployment. The endpoints /execute_js, /screenshot, /pdf, and /html accept file:// URLs, allowing an attacker to read arbitrary files from the server filesystem [2][3][4].
Exploitation
An unauthenticated remote attacker can craft a request to any of the affected endpoints with a file:// URL pointing to a target file, such as file:///etc/passwd. No authentication or special privileges are required, as the Docker API is often exposed without proper access controls [3][4].
Impact
Successful exploitation enables reading sensitive files including /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ. This can expose credentials, API keys, and internal application structure, potentially leading to further compromise [2].
Mitigation
The vulnerability is fixed in Crawl4AI version 0.8.0, which blocks file:// URLs by validating allowed URL schemes (only http://, https://, and raw: are permitted). Users should upgrade immediately. If immediate upgrade is not possible, the Python library may be used directly for local file processing as a workaround [2][3][4].
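The fix described above is a URL scheme allowlist. The following is an added example, not Crawl4AI's own code, showing how such a check can be placed in front of a crawler endpoint so that a file:// URL is rejected before it reaches the browser. It assumes the policy the release notes describe (only http://, https:// and raw: permitted); the function names, the request payload shape and the sample inputs are constructed for illustration.

```python
"""URL scheme allowlisting in front of a crawler API endpoint.

Added example (not Crawl4AI's code). Assumes the policy described for the
0.8.0 fix: only http, https and raw schemes are accepted. Everything else,
including file://, is refused with a 400 before any browser work happens.
"""
from urllib.parse import urlsplit

# Allowlist taken from the page's description of the fix; anything not
# listed here is rejected, so there is no need to enumerate bad schemes.
ALLOWED_SCHEMES = frozenset({"http", "https", "raw"})


class DisallowedScheme(ValueError):
    """Raised when a request URL uses a scheme outside the allowlist."""


def validate_url_scheme(url: str, allowed=ALLOWED_SCHEMES) -> str:
    """Return the normalised scheme of ``url`` or raise DisallowedScheme.

    Design points a reviewer would look for:
    * allowlist rather than denylist: ftp:, data:, javascript: and any
      future scheme fail the same way file: does;
    * the scheme is compared lower-cased, so ``FILE:///etc/passwd`` is
      treated exactly like ``file:///etc/passwd``;
    * surrounding whitespace is stripped first, because urlsplit reports
      an empty scheme for " file://..." and an empty scheme must not be
      mistaken for "no scheme, therefore harmless";
    * a bare path such as ``/etc/passwd`` has no scheme and is rejected
      instead of being left for the browser to interpret.
    """
    if not isinstance(url, str):
        raise DisallowedScheme("url must be a string")
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in allowed:
        raise DisallowedScheme(f"scheme {scheme or '<none>'!r} is not permitted")
    return scheme


def is_allowed_url(url) -> bool:
    """Boolean form of validate_url_scheme for callers that prefer a flag."""
    try:
        validate_url_scheme(url)
    except DisallowedScheme:
        return False
    return True


def handle_request(payload: dict) -> tuple:
    """Hypothetical endpoint handler: (status_code, message).

    The scheme check is the first thing that runs on the untrusted URL;
    the actual crawl/screenshot/pdf work is represented by the 200 branch.
    """
    url = payload.get("url")
    if url is None:
        return (400, "missing url")
    try:
        scheme = validate_url_scheme(url)
    except DisallowedScheme as exc:
        # Log the rejected scheme, not the full URL, to avoid leaking
        # whatever path the caller tried to read into the log stream.
        return (400, f"rejected: {exc}")
    return (200, f"accepted {scheme} URL")


if __name__ == "__main__":
    # Constructed sample requests; the first two are the kind the page
    # describes, the rest show the allowlist handling other inputs.
    samples = [
        {"url": "file:///etc/passwd"},
        {"url": "FILE:///proc/self/environ"},
        {"url": " file:///etc/shadow"},
        {"url": "/etc/passwd"},
        {"url": "ftp://example.com/config"},
        {"url": "https://example.com/page"},
        {"url": "raw:<html><body>inline</body></html>"},
    ]
    for req in samples:
        print(req["url"], "->", handle_request(req))
```

Because `urlsplit` only looks at the scheme, the check is cheap enough to run on every request and does not depend on the rest of the URL being well formed; that is why it belongs in the request handler rather than deep inside the browser automation layer.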
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Crawl4AI (PyPI) | < 0.8.0 | 0.8.0 |
Affected products
- unclecode/Crawl4AI
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1. github.com/advisories/GHSA-vx9w-5cx4-9796 (GHSA advisory)
2. github.com/unclecode/crawl4ai/security/advisories/GHSA-vx9w-5cx4-9796 (vendor advisory, patch)
3. nvd.nist.gov/vuln/detail/CVE-2026-26217 (NVD advisory)
4. www.vulncheck.com/advisories/crawl4ai-docker-api-local-file-inclusion-via-file-url-handling (third-party advisory)
5. github.com/unclecode/crawl4ai/blob/main/docs/blog/release-v0.8.0.md (release notes)
6. github.com/unclecode/crawl4ai/blob/release/v0.8.0/docs/blog/release-v0.8.0.md (release notes, v0.8.0 branch)
7. github.com/unclecode/crawl4ai/blob/release/v0.8.0/docs/migration/v0.8.0-upgrade-guide.md (upgrade guide)
News mentions
No linked articles in our index yet.