Vulnerability  ·  2026-07-07

Crawl4AI Docker API — Chromium Launch-Argument Injection Enables Remote Code Execution

VulnerabilityHigh impactGlobalCVE-2026-57572
Prior to version 0.9.0, Crawl4AI's Docker API server passed user-supplied browser_config.extra_args directly into Chromium's launch arguments without sanitization. Because these arguments control the child process invocation, an attacker could substitute the launch command entirely, resulting in remote code execution with no authentication required beyond API access.
Crawl4AI is a popular open-source crawler purpose-built for feeding LLM/RAG pipelines. A CVSS 10.0 unauthenticated RCE in its Docker API server means any internet-facing or multi-tenant Crawl4AI deployment used to source content for AI applications can be fully taken over, enabling data theft, lateral movement into connected AI infrastructure, or use as a foothold for further attacks — directly analogous to the JadePuffer/Langflow pattern of AI-tool RCE leading to full compromise.
The Docker API server accepts request-supplied browser_config.extra_args, which flow unsanitized into Chromium's launch arguments. An attacker can inject Chromium command-line switches that replace the child-process launch command, achieving arbitrary code execution on the server hosting the crawler.
Crawl4AI (unclecode/crawl4ai) Docker API server, versions prior to 0.9.0
Upgrade to Crawl4AI >= 0.9.0. Do not expose the Crawl4AI Docker API server to untrusted networks without an allowlist on browser_config parameters.
NVD CVE-2026-57572Crawl4AI fix commit
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →