Executive Summary

CVE-2026-26217 is a Local File Inclusion (LFI) vulnerability in Crawl4AI versions prior to 0.8.0, specifically in its Docker API deployment.

The vulnerability occurs because the API endpoints /execute_js, /screenshot, /pdf, and /html accept file:// URLs without proper validation, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem.

An attacker can exploit this by sending specially crafted requests to these endpoints to access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.

The underlying weakness is due to improper limitation of a pathname to a restricted directory (CWE-22), where external input is used to construct file paths without proper sanitization.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a significant impact by allowing unauthenticated remote attackers to read arbitrary files on the server hosting Crawl4AI.

Attackers can access sensitive system files like /etc/passwd and /etc/shadow, application configuration files, and environment variables, which may contain credentials, API keys, and other confidential information.

Such exposure can lead to unauthorized access to internal application details, compromise of credentials, and potential further exploitation of the affected system.

The vulnerability has a high severity rating with CVSS v3.1 base score of 8.6 and CVSS v4.0 base score of 9.2, indicating critical risk.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to exploit the Local File Inclusion (LFI) issue on the vulnerable Crawl4AI Docker API endpoints. Specifically, sending crafted POST requests to the /execute_js, /screenshot, /pdf, or /html endpoints with file:// URLs can reveal if arbitrary files can be read from the server filesystem.'}, {'type': 'paragraph', 'content': 'For example, you can use the following curl command to test the /execute_js endpoint for the vulnerability by trying to read the /etc/passwd file:'}, {'type': 'list_item', 'content': 'curl -X POST http://<target-ip>:<port>/execute_js -H "Content-Type: application/json" -d \'{"url": "file:///etc/passwd", "scripts": ["document.body.innerText"]}\''}, {'type': 'paragraph', 'content': 'If the response contains the contents of /etc/passwd or other sensitive files, the system is vulnerable.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include:

• Disable the Docker API deployment of Crawl4AI if it is not required.
• Add authentication mechanisms to the Docker API to prevent unauthenticated access.
• Implement network-level filtering to restrict access to the vulnerable API endpoints.
• Upgrade Crawl4AI to version 0.8.0 or later, where this vulnerability has been patched.

Useful 0 Not Useful 0