GHSA-5882-5RX9-XGXP: Crawl4AI RCE: Hook, Line, and Sinker into Your Docker Container

Published: 3 weeks ago (January 16, 2026 at 08:23 PM EST)

1 min read

Source: Dev.to

Overview

Vulnerability ID: GHSA-5882-5RX9-XGXP
CVSS Score: 10.0 (Critical)
Published: 2026-01-16

A critical Remote Code Execution (RCE) vulnerability affects Crawl4AI’s Docker deployment. Unauthenticated attackers can execute arbitrary Python code via the hooks parameter, bypassing the intended sandbox.

Vulnerability Details

Type: Remote Code Execution (RCE)
CWE: CWE‑95 (Improper Neutralization of Directives in Dynamically Evaluated Code)
Attack Vector: Network (API)
Authentication Required: None

Crawl4AI, a web scraper for LLMs, exposed an unauthenticated /crawl API endpoint that accepted custom Python code for hooks. The sandbox attempted to restrict execution using exec(), but the __import__ function remained accessible. An attacker can send a crafted JSON payload to /crawl to run system commands as root inside the Docker container, potentially stealing API keys or pivoting within the network.

Affected Versions

Crawl4AI Docker deployments
ProjectDiscovery Nuclei Template

Read the full report for GHSA-5882-5RX9-XGXP on our website for more details, including interactive diagrams and full exploit analysis.

GHSA-5882-5RX9-XGXP: Crawl4AI RCE: Hook, Line, and Sinker into Your Docker Container

Overview

Vulnerability Details

Affected Versions

Related posts

Creating a AI-enabled Slackbot with AWS Bedrock Knowledge Base

I built an extensive FREE Training Platform to learn Claude Code, Cursor, Codex CLI, and Gemini CLI

Debugging Agents is Tough: How I Built a 'Flight Recorder' for AI Kernel