Is Python affected by CVE-2026-26216?

Crawl4AI versions before 0.8.0 contain a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary code on affected systems.

CVE-2026-26216

CRITICAL

2026-02-12 [email protected]

GHSA-5882-5rx9-xgxp

10.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 12, 2026 - 16:16 nvd

CRITICAL 10.0

Description

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks.

Analysis

Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code in hooks that executes on the server. …

Remediation

Within 24 hours: Identify all systems running Crawl4AI prior to 0.8.0 and isolate them from production networks or disable the /crawl endpoint immediately. Within 7 days: Upgrade to Crawl4AI 0.8.0 or later, or implement network-level access controls restricting the /crawl endpoint to trusted internal sources only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +50

POC: 0

CVE-2026-26216 vulnerability details – vuln.today

Back

CVE-2026-26216

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-26216

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code