4 matches found

CVE
added yesterday, 5 views

CVE-2026-56264

CVE-2026-56264 affects Crawl4AI prior to 0.8.7. The Docker API server’s /execute_js endpoint accepts and executes arbitrary JavaScript in the server’s browser context with --disable-web-security enabled, enabling an attacker to run arbitrary JS and, given relaxed browser security, perform server-...

CVSS 9.2, AI score 6.2
Exploits: 0, References: 3

OSV
added 2026/06/21 2:16 p.m., 4 views

PYSEC-2026-239

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

CVSS 9.3, AI score 5.8, EPSS 0.00417
Exploits: 0, References: 3

EUVD
added 2026/06/21 1:26 p.m., 7 views

EUVD-2026-38170

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

CVSS 9.8, AI score 5.9, EPSS 0.00407
Exploits: 0, References: 3

Positive Technologies
added 2026/06/16 12:0 a.m., 17 views

PT-2026-51224

Name of the Vulnerable Software and Affected Versions: Crawl4AI versions prior to 0.8.7

Description: The Docker API server contains an authentication bypass issue caused by a hardcoded default JWT (JSON Web Token) signing key. A JWT is a compact, URL-safe means of representing claims to be transferre...

CVSS 9.8, AI score 5.9, EPSS 0.00407
Exploits: 0, References: 19