CVE-2026-57572
Crawl4AI prior to version 0.9.0 was vulnerable to unauthenticated remote command execution through Chromium launch-argument injection. The Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium’s launch arguments and could be manipulated to replace a chi...