crawl4ai
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting crawl4ai (page 1 of 1)
- CVE-2026-26216 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.0 | 2026-02-12
vulnerable: 0.3.0 ... 0.7.8 (61 versions)
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was inc…
- CVE-2026-26217 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 0.8.0 | 2026-02-12
vulnerable: 0.3.0 ... 0.7.8 (61 versions)
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbi…