What is the CVSS score of CVE-2026-26217?

CVE-2026-26217 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Docker are affected by CVE-2026-26217?

Crawl4AI versions before 0.8.0 contain a critical vulnerability allowing unauthenticated attackers to read sensitive files from affected servers.. A patch is available.

How to fix or mitigate CVE-2026-26217?

Within 24 hours: Inventory all systems running Crawl4AI and identify version numbers; immediately disable or isolate affected instances if upgrade is not immediately possible. Within 7 days: Upgrade all Crawl4AI deployments to version 0.8.0 or later, or implement compensating controls listed below. Within 30 days: Conduct log analysis for signs of exploitation; if breached, initiate incident response and notify affected parties per regulatory requirements.

Docker CVE-2026-26217

HIGH

Path Traversal (CWE-22)

2026-02-12 disclosure@vulncheck.com

GHSA-vx9w-5cx4-9796

Docker LFI AI / ML Crawl4ai

8.6

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.6 HIGH

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 12, 2026 - 16:16 nvd

HIGH 8.6

DescriptionCVE.org

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.

AnalysisAI

Crawl4AI versions before 0.8.0 allow unauthenticated remote attackers to read arbitrary files from the server through file:// URL handling in Docker API endpoints (/execute_js, /screenshot, /pdf, /html), enabling exposure of sensitive configuration files, credentials, and environment variables. The vulnerability affects Docker deployments and AI/ML applications using the affected library, with no patch currently available.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send crafted HTTP request with file:// URL

Exploit

Access /execute_js, /screenshot, /pdf, or /html endpoint

Execution

Read arbitrary files from filesystem

Impact

Extract sensitive data like credentials and API keys

Access

Send crafted HTTP request with file:// URL

Exploit

Access /execute_js, /screenshot, /pdf, or /html endpoint

Execution

Read arbitrary files from filesystem

Impact

Extract sensitive data like credentials and API keys

Vulnerability AssessmentAI

Exploitation	Crawl4AI versions before 0.8.0 with Docker API deployment exposed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.6 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker without authentication could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running Crawl4AI and identify version numbers; immediately disable or isolate affected instances if upgrade is not immediately possible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-54352 CRITICAL Act Now

9.6 Jun 22

Arbitrary file read in Budibase self-hosted server (@budibase/server <= 3.39.0) allows an authenticated workspace builde

CVE-2026-12565 MEDIUM This Month POC

5.3 Jun 17

Path traversal in BBOT's unarchive internal module enables a malicious archive hosted by attacker-controlled infrastruct

CVE-2026-56265 CRITICAL Act Now

9.3 Jun 21

Authentication bypass in Crawl4AI Docker API server (versions prior to 0.8.7) allows remote unauthenticated attackers to

CVE-2026-54232 HIGH This Week

8.8 Jun 22

Remote code execution in vLLM versions prior to 0.22.1 allows attackers to backdoor production LLM inference deployments

CVE-2026-26217 vulnerability details – vuln.today

Back

Docker CVE-2026-26217

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code