GHSA-mw9f-q68p-364x
Crawl4AI versions before 0.8.8 have credential exfiltration vulnerabilities in their Docker API server. Attackers can exploit unauthenticated endpoints (/md, /llm, /llm/job) by manipulating the base_url parameter and setting api_token to environment variable references, allowing them to read arbitrary environment variables. This can lead to exfiltration of sensitive data such as provider API keys and JWT SECRET_KEY, enabling authentication bypass.
AI Analysis
Technical Summary
Crawl4AI prior to version 0.8.8 contains vulnerabilities in its Docker API server that allow unauthenticated attackers to redirect large language model (LLM) API calls to attacker-controlled endpoints. By supplying a malicious base_url parameter and setting the api_token parameter to env:VARIABLE_NAME, attackers can read arbitrary environment variables. This includes sensitive secrets like provider API keys and JWT SECRET_KEY, which can be used to bypass authentication mechanisms. The affected endpoints are /md, /llm, and /llm/job, all of which do not require authentication, facilitating exploitation.
Potential Impact
Successful exploitation allows attackers to exfiltrate sensitive environment variables, including API keys and authentication secrets such as JWT SECRET_KEY. This can lead to unauthorized access, authentication bypass, and potential compromise of the server and connected services.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected endpoints and avoid exposing the Docker API server publicly. Monitor for unusual API call redirections and environment variable access patterns.
GHSA-mw9f-q68p-364x
Description
Crawl4AI versions before 0.8.8 have credential exfiltration vulnerabilities in their Docker API server. Attackers can exploit unauthenticated endpoints (/md, /llm, /llm/job) by manipulating the base_url parameter and setting api_token to environment variable references, allowing them to read arbitrary environment variables. This can lead to exfiltration of sensitive data such as provider API keys and JWT SECRET_KEY, enabling authentication bypass.
CVSS v4.0
Affected software
pkg:github/unclecode/crawl4aiRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Crawl4AI prior to version 0.8.8 contains vulnerabilities in its Docker API server that allow unauthenticated attackers to redirect large language model (LLM) API calls to attacker-controlled endpoints. By supplying a malicious base_url parameter and setting the api_token parameter to env:VARIABLE_NAME, attackers can read arbitrary environment variables. This includes sensitive secrets like provider API keys and JWT SECRET_KEY, which can be used to bypass authentication mechanisms. The affected endpoints are /md, /llm, and /llm/job, all of which do not require authentication, facilitating exploitation.
Potential Impact
Successful exploitation allows attackers to exfiltrate sensitive environment variables, including API keys and authentication secrets such as JWT SECRET_KEY. This can lead to unauthorized access, authentication bypass, and potential compromise of the server and connected services.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected endpoints and avoid exposing the Docker API server publicly. Monitor for unusual API call redirections and environment variable access patterns.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-mw9f-q68p-364x
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-56259"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 4.0
Threat ID: 6a54ae1868715ace438f98b7
Added to database: 07/13/2026, 09:21:28 UTC
Last enriched: 07/13/2026, 10:01:29 UTC
Last updated: 07/13/2026, 10:01:29 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.