GHSA-5882-5rx9-xgxp

Source
https://github.com/advisories/GHSA-5882-5rx9-xgxp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-5882-5rx9-xgxp/GHSA-5882-5rx9-xgxp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5882-5rx9-xgxp
Aliases
  • CVE-2026-26216
Published
2026-01-16T20:59:16Z
Modified
2026-02-12T16:11:17.933078Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
Details

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands.

Attack Vector:

POST /crawl
{
  "urls": ["https://example.com"],
  "hooks": {
    "code": {
      "on_page_context_created": "async def hook(page, context, **kwargs):\n    __import__('os').system('malicious_command')\n    return page"
    }
  }
}

Impact

An unauthenticated attacker can:
  • Execute arbitrary system commands
  • Read/write files on the server
  • Exfiltrate sensitive data (environment variables, API keys)
  • Pivot to internal network services
  • Completely compromise the server

Mitigation

  1. Upgrade to v0.8.0 (recommended)
  2. If unable to upgrade immediately:
    • Disable the Docker API
    • Block /crawl endpoint at network level
    • Add authentication to the API

Fix Details

  1. Removed __import__ from allowed_builtins in hook_manager.py
  2. Hooks disabled by default (CRAWL4AI_HOOKS_ENABLED=false)
  3. Users must explicitly opt-in to enable hooks
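
Added illustration of the two layers of the fix (example code, not Crawl4AI's own hook_manager.py): a hook loader that refuses to run unless CRAWL4AI_HOOKS_ENABLED is set, and that exec()s the hook code under a builtins table with __import__ removed, exercised with a constructed hook shaped like the attack vector above but reading a harmless attribute. The SAFE_BUILTINS allowlist and the function names are assumptions.

```python
import asyncio
import os

# Builtins exposed to hook code. This allowlist is an assumption for the
# example; the advisory only states that __import__ was removed from it.
SAFE_BUILTINS = {"len": len, "str": str, "dict": dict, "list": list, "print": print}

def hooks_enabled(env=None) -> bool:
    """Opt-in gate from the fix: hooks stay off unless explicitly enabled."""
    env = os.environ if env is None else env
    return env.get("CRAWL4AI_HOOKS_ENABLED", "false").lower() == "true"

def load_hook(code: str, env=None, allow_import: bool = False):
    """exec() hook code under a restricted builtins table; allow_import=True
    reproduces the pre-0.8.0 allowlist, the default is the hardened form."""
    if not hooks_enabled(env):
        raise PermissionError("hooks disabled; set CRAWL4AI_HOOKS_ENABLED=true")
    builtins = dict(SAFE_BUILTINS)
    if allow_import:
        builtins["__import__"] = __import__  # the entry the fix removed
    namespace = {"__builtins__": builtins}
    exec(code, namespace)
    return namespace["hook"]

def try_hook(code: str, env=None, allow_import: bool = False) -> str:
    """Load and run a hook against a dummy page; report the outcome as text."""
    try:
        hook = load_hook(code, env, allow_import)
        result = asyncio.run(hook(page="dummy-page", context=None))
        return f"ran: {result}"
    except PermissionError:
        return "disabled"
    except (NameError, ImportError) as exc:
        return f"blocked: {exc}"

# Constructed hook in the shape of the advisory's attack vector, reading a
# harmless attribute instead of calling os.system so the demo is safe to run.
IMPORTING_HOOK = (
    "async def hook(page, context, **kwargs):\n"
    "    return __import__('os').name\n"
)

if __name__ == "__main__":
    enabled = {"CRAWL4AI_HOOKS_ENABLED": "true"}
    print(try_hook(IMPORTING_HOOK))                              # disabled
    print(try_hook(IMPORTING_HOOK, enabled, allow_import=True))  # ran: <os.name>
    print(try_hook(IMPORTING_HOOK, enabled))                     # blocked: ...
```

Trimming the builtins table narrows what hook code can reach but does not turn exec() into a sandbox; the default-off gate, together with authentication in front of the API as the mitigation list recommends, is the control to rely on.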

Credits

Discovered by Neo by ProjectDiscovery (https://projectdiscovery.io)

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2026-01-16T20:59:16Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-94"
    ],
    "github_reviewed": true
}
References

Affected packages

PyPI / crawl4ai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.8.0

Affected versions

0.*
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.71
0.3.72
0.3.73
0.3.74
0.3.731
0.3.741
0.3.742
0.3.743
0.3.744
0.3.745
0.3.746
0.4.0
0.4.1
0.4.3b1
0.4.3b2
0.4.3b3
0.4.21
0.4.22
0.4.23
0.4.24
0.4.241
0.4.242
0.4.243
0.4.244
0.4.245
0.4.246
0.4.247
0.4.248b3
0.4.248
0.5.0
0.5.0.post1
0.5.0.post2
0.5.0.post3
0.5.0.post4
0.5.0.post5
0.5.0.post6
0.5.0.post7
0.5.0.post8
0.6.0rc1
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-5882-5rx9-xgxp/GHSA-5882-5rx9-xgxp.json"