
Crawl4AI EUVD-2026-38170 | CVE-2026-56265 CRITICAL
Use of Hard-coded Credentials (CWE-798)
2026-06-21 · VulnCheck · GHSA-8qrg-7j2f-rf2h
9.3 (CVSS 4.0) · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck), primary: 9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 9.8 CRITICAL
Network-reachable Docker API; complexity low because the default secret is public; no prior auth needed (PR:N); forged admin token yields full C/I/A on the server.
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Source Code Evidence Fetched: Jun 22, 2026 - 06:07 (vuln.today)
Analysis Generated: Jun 22, 2026 - 06:07 (vuln.today)
Patch available: Jun 21, 2026 - 15:31 (EUVD)
CVE Published: Jun 21, 2026 - 13:26 (cve.org)

Description (CVE.org)

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality.

Analysis (AI)

Authentication bypass in Crawl4AI Docker API server (versions prior to 0.8.7) allows remote unauthenticated attackers to forge valid JWT tokens because the signing key defaults to the hardcoded value 'mysecret' present in the public source code. Anyone aware of the default secret can mint tokens for arbitrary users and obtain full access to protected crawling, extraction, JavaScript execution, and configuration endpoints. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Discover exposed Crawl4AI Docker API
Delivery: Forge JWT with default 'mysecret' key
Exploit: Send authenticated request to protected endpoint
Execution: Bypass token_dep validation
Persist: Invoke crawl/execute_js/config endpoints as arbitrary user
Impact: Exfiltrate data or pivot via SSRF

Vulnerability Assessment (AI)

Exploitation: Requires network reach to a Crawl4AI Docker API server running a version <= 0.8.6 where the operator did NOT override the default JWT signing key 'mysecret' at deployment time. The CVSS PR:N rating reflects that no prior credentials are needed, only knowledge of the public default. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H (9.3) is consistent with the description: exploitation needs only network reach to the exposed Docker API and forging a token with the known default secret, with full confidentiality, integrity and availability impact on the vulnerable system. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker enumerates internet-exposed Crawl4AI Docker API servers (e.g., via Shodan banner matching on the FastAPI service), then locally runs jwt.encode({'sub':'admin'}, 'mysecret', algorithm='HS256') to forge a bearer token for an arbitrary user. They submit the token to protected endpoints and obtain full crawl, extraction, JavaScript execution, and configuration access, which can be chained with the co-fixed /execute_js and SSRF issues to pivot into internal networks or cloud metadata.

Remediation: Vendor-released patch: upgrade Crawl4AI to 0.8.7 or later, which replaces the hardcoded default and forces operators to supply a real JWT signing key (see https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg and the VulnCheck advisory at https://www.vulncheck.com/advisories/crawl4ai-authentication-bypass-via-hardcoded-jwt-signing-key). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: (1) Identify all Crawl4AI instances in production and development running versions prior to 0.8.7, (2) Restrict network access to affected API servers, (3) Immediately change JWT signing key from default 'mysecret' to a secure random value. …
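The root cause described above (a signing key that silently falls back to a public default) and step (3) of the recommended action (replace the default with a random key) both come down to how the server loads its JWT secret. The following is an added illustration, not Crawl4AI's own code: it places the silent-fallback pattern next to a fail-closed loader that refuses known defaults and short keys, generates a replacement key, and verifies HS256 tokens with the standard library only. The environment variable name CRAWL4AI_JWT_SECRET and the 32-byte minimum are assumptions made for this example.

```python
"""Fail-closed JWT secret loading and HS256 verification (illustrative).

Not Crawl4AI's code. CRAWL4AI_JWT_SECRET and MIN_SECRET_BYTES are
assumptions for this example.
"""
import base64
import hashlib
import hmac
import json
import os
import secrets

# The public default named in the advisory; listed so deployment checks
# can reject it by name rather than rely on length alone.
KNOWN_DEFAULT_SECRETS = {"mysecret"}
MIN_SECRET_BYTES = 32  # assumption: a 256-bit key for HMAC-SHA256


def vulnerable_get_secret(env=None):
    """Pre-0.8.7 pattern: an unset variable silently becomes a public default."""
    env = os.environ if env is None else env
    return env.get("CRAWL4AI_JWT_SECRET", "mysecret")


def hardened_get_secret(env=None):
    """Fail closed: refuse to start without a strong, non-default key."""
    env = os.environ if env is None else env
    secret = env.get("CRAWL4AI_JWT_SECRET")
    if not secret:
        raise RuntimeError("CRAWL4AI_JWT_SECRET is not set; refusing to start")
    if secret in KNOWN_DEFAULT_SECRETS:
        raise RuntimeError("CRAWL4AI_JWT_SECRET is a known public default")
    if len(secret.encode()) < MIN_SECRET_BYTES:
        raise RuntimeError("CRAWL4AI_JWT_SECRET is shorter than %d bytes" % MIN_SECRET_BYTES)
    return secret


def generate_secret() -> str:
    """Produce a replacement key for remediation step (3): 48 random bytes, URL-safe."""
    return secrets.token_urlsafe(48)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: str) -> str:
    """Server-side minting of an HS256 JWT, as the API would do after a real login."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, secret: str):
    """Return the claims if the HS256 signature is valid under `secret`, else None.

    The algorithm is fixed to HS256 on the server side: a token declaring any
    other 'alg' is rejected, and the MAC is always computed with HMAC-SHA256.
    Signature comparison is constant-time.
    """
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret.encode(), f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(body_b64))
    except ValueError:  # bad structure, bad base64, bad JSON, bad UTF-8
        return None


if __name__ == "__main__":
    key = generate_secret()
    tok = issue_token({"sub": "alice"}, key)
    print("accepted under rotated key:", verify_token(tok, key))
    print("accepted under old default:", verify_token(tok, "mysecret"))
```

The useful consequence for remediation is visible in `verify_token`: once the key is rotated, any token minted under 'mysecret' fails the signature check, so rotating the key invalidates previously forged tokens as well as preventing new ones. The fail-closed loader is what turns "operator forgot to set the secret" from a silent authentication bypass into a startup error.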




EUVD-2026-38170 vulnerability details – vuln.today
