3 matches found
CVE-2026-57572
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...
CVE-2026-57572
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...
PT-2026-56003
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.9.0 Description The Docker API server allows the browser config.extra args parameter to be passed directly into Chromium launch arguments. Because the Docker API is unauthenticated by default, an attacker can injec...