Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious baseurl parameter and setting apitoken to env:VARIABLENAME to exfiltrate provider API keys and server secrets including JWT SECRETKEY for authentication bypass.
{
"cna_assigner": "VulnCheck",
"cwe_ids": [
"CWE-200"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56259.json"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.8.8"
},
{
"introduced": "Crawl4AI"
}
],
"source": [
"AFFECTED_FIELD",
"DESCRIPTION"
]
}