CVE-2026-26217
Published: 12 February 2026
Summary
CVE-2026-26217 is a high-severity Path Traversal (CWE-22) vulnerability in Kidocode Crawl4Ai. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly mitigates the LFI vulnerability by enforcing input validation on the /execute_js, /screenshot, /pdf, and /html endpoints so that file:// URLs are rejected and arbitrary file reads are prevented.
Remediates the specific flaw in Crawl4AI versions prior to 0.8.0 by applying vendor patches that disable file:// URL acceptance in affected Docker API endpoints.
AU-13 (Monitoring for Information Disclosure): monitors the API endpoints for unauthorized disclosure of sensitive files such as /etc/passwd, /etc/shadow, and /proc/self/environ by reviewing logs for anomalous file:// requests.
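As an added illustration of the input-validation control (this is example code, not Crawl4AI's own handler or the vendor patch), the following Python applies a scheme allow-list to URLs submitted to the four affected endpoints. It also shows, for contrast, the kind of literal prefix check that looks sufficient but misses uppercase schemes and leading whitespace. The request-handler shape, the `url` body field, and all function names are assumptions made for the example.

```python
"""Scheme allow-list for URL-accepting crawler endpoints.

Added example; not Crawl4AI code. The handler shape and the ``url`` body
field are assumptions.
"""
from urllib.parse import urlsplit

# Only remote web schemes may be fetched; everything else is refused.
ALLOWED_SCHEMES = frozenset({"http", "https"})
# The endpoints named in the advisory.
AFFECTED_ENDPOINTS = ("/execute_js", "/screenshot", "/pdf", "/html")


class UnsafeUrlError(ValueError):
    """Raised when a submitted URL does not use an allow-listed scheme."""


def naive_is_blocked(url: str) -> bool:
    """A block-list style check that is NOT sufficient.

    A literal prefix match misses "FILE://", " file://" and every other
    non-web scheme, which is why the validator below allow-lists instead.
    """
    return url.startswith("file://")


def validate_url(url) -> str:
    """Return the URL if its scheme is http/https, else raise UnsafeUrlError.

    Allow-listing means schemes other than file:// (data:, about:, ...) are
    refused as well, without having to enumerate them.
    """
    if not isinstance(url, str):
        raise UnsafeUrlError("url must be a string")
    candidate = url.strip()          # defeat leading/trailing whitespace tricks
    parts = urlsplit(candidate)
    scheme = parts.scheme.lower()    # urlsplit lowercases already; be explicit
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeUrlError(f"scheme {scheme or '<none>'!r} is not allowed")
    if not parts.netloc:
        raise UnsafeUrlError("URL has no host")
    return candidate


def handle_request(endpoint: str, body: dict) -> tuple:
    """Hypothetical handler for the four affected endpoints.

    Returns an HTTP-style (status, message) pair instead of fetching anything,
    so the validation decision is observable without a browser.
    """
    if endpoint not in AFFECTED_ENDPOINTS:
        return 404, "unknown endpoint"
    try:
        url = validate_url(body.get("url"))
    except UnsafeUrlError as exc:
        return 400, f"rejected: {exc}"
    return 200, f"would fetch {url}"


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate URL, three local-file attempts.
    for ep, body in [
        ("/html", {"url": "https://example.com/"}),
        ("/screenshot", {"url": "file:///etc/passwd"}),
        ("/pdf", {"url": "FILE:///etc/passwd"}),
        ("/execute_js", {"url": " file:///proc/self/environ"}),
    ]:
        print(ep, body["url"], "->", handle_request(ep, body))
```

The important design choice is allow-listing the scheme after parsing rather than searching the raw string for `file://`: the parser normalises case, the `strip()` removes whitespace padding, and any scheme that is not http or https is refused whether or not it was anticipated.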
MITRE ATT&CK Enterprise Techniques
Why these techniques?
LFI in public-facing Docker API endpoints directly enables T1190 (Exploit Public-Facing Application); arbitrary file reads (passwd/shadow, configuration files, /proc environment) facilitate T1005 (Data from Local System) and T1552.001 (Unsecured Credentials: Credentials In Files).
NVD Description
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.
Deeper analysis
CVE-2026-26217 is a local file inclusion vulnerability (CWE-22) affecting Crawl4AI versions prior to 0.8.0, specifically in its Docker API deployment. The vulnerability arises because the /execute_js, /screenshot, /pdf, and /html endpoints improperly accept file:// URLs, enabling attackers to traverse and access arbitrary files on the server filesystem. This issue has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), reflecting high confidentiality impact with network accessibility, no authentication requirements, and scope change.
Unauthenticated remote attackers can exploit this vulnerability by sending crafted requests to the affected endpoints with file:// URLs pointing to sensitive paths. Successful exploitation allows reading arbitrary files, including /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ. This can disclose credentials, API keys, and internal application structures, potentially leading to further compromise.
Advisories recommend upgrading to Crawl4AI version 0.8.0 or later, where the endpoints no longer accept file:// URLs. Relevant references include the project's release notes for v0.8.0, the GitHub security advisory GHSA-vx9w-5cx4-9796, and VulnCheck's analysis detailing the Docker API file URL handling flaw.
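The log review described under the monitoring control above, applied to the crafted-request pattern this analysis describes, as an added example (not from Crawl4AI, the advisory, or VulnCheck): a small Python script scans application-log lines for requests to the four affected endpoints whose submitted URL uses the file scheme, catching uppercase and percent-encoded forms as well. The log line format, the JSON body layout, the sample entries, and the client addresses are all constructed for the example.

```python
"""Review logs for file:// requests against the affected Docker API endpoints.

Added example; the log format, sample lines and field names are constructed
and are not Crawl4AI's own logging.
"""
import json
import re
from urllib.parse import unquote

AFFECTED_ENDPOINTS = frozenset({"/execute_js", "/screenshot", "/pdf", "/html"})

# Constructed log format: "<timestamp> <client> <method> <path> <json body>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<body>.*)$"
)
# A file scheme, regardless of case or leading whitespace.
FILE_SCHEME_RE = re.compile(r"^\s*file:", re.IGNORECASE)

# Constructed sample log: one benign request, three local-file attempts
# (plain, uppercase, percent-encoded), one unrelated path, one malformed body.
SAMPLE_LOG = """\
2026-02-12T10:00:01Z 198.51.100.7 POST /html {"url":"https://example.com/"}
2026-02-12T10:00:02Z 203.0.113.5 POST /screenshot {"url":"file:///etc/passwd"}
2026-02-12T10:00:03Z 203.0.113.5 POST /pdf {"url":"FILE:///proc/self/environ"}
2026-02-12T10:00:04Z 203.0.113.5 POST /execute_js {"url":"file%3A%2F%2F%2Fetc%2Fshadow"}
2026-02-12T10:00:05Z 198.51.100.7 GET /health {}
2026-02-12T10:00:06Z 203.0.113.9 POST /html not-json
"""


def extract_strings(body: str) -> list:
    """Collect every string value from a JSON body; fall back to the raw text."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return [body]
    found = []

    def walk(node):
        if isinstance(node, str):
            found.append(node)
        elif isinstance(node, dict):
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)

    walk(data)
    return found


def is_file_url(value: str) -> bool:
    """True if the (once-decoded) value starts with a file: scheme."""
    return bool(FILE_SCHEME_RE.match(unquote(value)))


def find_file_url_requests(log_text: str) -> list:
    """Return one finding per affected-endpoint request carrying a file: URL."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match or match.group("path") not in AFFECTED_ENDPOINTS:
            continue
        for value in extract_strings(match.group("body")):
            if is_file_url(value):
                findings.append({
                    "ts": match.group("ts"),
                    "client": match.group("client"),
                    "endpoint": match.group("path"),
                    "url": unquote(value),
                })
    return findings


def clients_by_hit_count(findings: list) -> list:
    """Summarise findings as (client, count) pairs, most active first."""
    counts = {}
    for finding in findings:
        counts[finding["client"]] = counts.get(finding["client"], 0) + 1
    return sorted(counts.items(), key=lambda item: -item[1])


if __name__ == "__main__":
    hits = find_file_url_requests(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("by client:", clients_by_hit_count(hits))
```

Decoding once before matching is what makes the percent-encoded entry show up; restricting the scan to the four endpoints keeps unrelated paths out of the findings, and the per-client summary gives the anomaly reviewers a place to start.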
Details
- CWE(s)