Vulnerabilities

CVE-2026-26216 - Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Para...

2026-02-12 0 views admin

CVE ID : CVE-2026-26216 Published : Feb. 12, 2026, 3:31 p.m. | 26 minutes ago Description : Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-26216

Severity

CRITICAL

Published

Feb. 12, 2026

Affected Product: Docker

Impact: remote code execution

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-26216criticaldocker

CVE-2026-26216 - Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Para...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-3134 - itsourcecode News Portal Project edit-category.php sql injection

CVE-2026-3133 - itsourcecode Document Management System Login loging.php sql injection

CVE-2025-46320 - FileMaker WebDirect Cross-Site Scripting (XSS)

CVE-2026-21410 - InSAT MasterSCADA BUK-TS SQL Injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting