CVE-2026-57572
Crawl4AI Docker API Command Injection Vulnerability
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
Crawl4AI's Docker API is vulnerable to unauthenticated command injection, allowing attackers to execute arbitrary commands as the container's runtime user by manipulating Chromium launch arguments. This critical issue, fixed in version 0.9.0, poses a significant risk if the unauthenticated API is reachable.