CVE-2026-26216

CriticalPublic PoCRCE

Published: 12 February 2026

Published

12 February 2026

Modified

20 February 2026

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0032 55.0th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26216 is a critical-severity Code Injection (CWE-94) vulnerability in Kidocode Crawl4Ai. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-14 (Public Access Protections) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the RCE flaw in Crawl4AI by requiring timely identification, reporting, and patching to version 0.8.0 or later.

SI-10 Information Input Validation good match

prevent

Validates user-supplied hooks parameter to the /crawl endpoint, preventing injection and execution of arbitrary Python code via exec().

SC-14 Public Access Protections good match

prevent

Enforces authorizations and protections at the publicly accessible Docker API /crawl endpoint, blocking unauthenticated remote code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.006 Python Execution

Adversaries may abuse Python commands and scripts for execution.

attack.mitre.org →

Why these techniques?

CVE enables unauthenticated RCE via public-facing /crawl API endpoint (T1190) by injecting and executing arbitrary Python code with exec() (T1059.006), leading to system command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins,…

allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks.

Deeper analysisAI

CVE-2026-26216 is a remote code execution vulnerability in Crawl4AI versions prior to 0.8.0, specifically within its Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(), with the __import__ builtin included among the allowed builtins. This allows attackers to import arbitrary modules and execute system commands, as classified under CWE-94 (Code Injection).

Unauthenticated remote attackers can exploit the vulnerability over the network with low attack complexity and no user interaction or privileges required, earning a maximum CVSS v3.1 score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Successful exploitation results in full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks.

The GitHub security advisory (GHSA-5882-5rx9-xgxp) and release notes for Crawl4AI v0.8.0 address the issue, with mitigation achieved by upgrading to version 0.8.0 or later. Further technical details on the vulnerability and remediation are provided in the VulnCheck advisory.