Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 06 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Unclecode
Unclecode crawl4ai |
|
| Vendors & Products |
Unclecode
Unclecode crawl4ai |
Mon, 06 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0. | |
| Title | Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args | |
| Weaknesses | CWE-88 CWE-94 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-06T20:16:21.597Z
Reserved: 2026-06-24T18:49:56.207Z
Link: CVE-2026-57572
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-06T22:15:15Z