Every CVE whose affected-product data names Kidocode Crawl4ai, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2026-57572 — CVSS 10.0 (critical): Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied…
CVE-2026-26216 — CVSS 10.0 (critical): Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a…
CVE-2026-56265 — CVSS 9.8 (critical): Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server…
CVE-2026-53753 — CVSS 9.8 (critical): Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields…
CVE-2026-57571 — CVSS 9.6 (critical): Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination…
CVE-2026-57573 — CVSS 8.6 (high): Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check…
CVE-2026-26217 — CVSS 8.6 (high): Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot…
CVE-2026-53755 — CVSS 8.6 (high): Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to…
CVE-2026-56266 — CVSS 8.6 (high): Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch…
CVE-2026-56258 — CVSS 8.1 (high): Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated…
CVE-2026-56264 — CVSS 8.1 (high): Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which…
CVE-2026-53754 — CVSS 7.5 (high): Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection…
CVE-2026-56262 — CVSS 6.5 (medium): Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers…
CVE-2026-56263 — CVSS 6.1 (medium): Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error…