CVE-2026-56264 | Severity: CRITICAL | CNA: VulnCheck

CVE-2026-56264: Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary JavaScript and, combined with the browser's relaxed security settings, perform server-side request forgery against internal services.

Metrics

CVSS v4.0: 9.2
Severity: CRITICAL
Fixed in: 0.8.7
Affected Products: 1


HarborGuard Analysis

Synopsis

Arbitrary JavaScript execution vulnerability in Crawl4AI's Docker API server allows unauthenticated remote attackers to submit and run arbitrary JavaScript through the /execute_js endpoint. The browser context runs with --disable-web-security enabled, removing same-origin protections and making internal network services directly reachable from the browser. Successful exploitation gives an attacker full read and write access to data the browser can reach and enables server-side request forgery against internal services. A patched-image rebuild at version 0.8.7 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images derived from Crawl4AI base layers.

Triage: Available

Triage is available using the CVSS v4.0 score of 9.2 (Critical), weighted against each environment's compliance policy to determine urgency and blast-radius context. Findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Patch: Available

A patched-image rebuild at Crawl4AI 0.8.7 becomes available on HarborGuard once the fix version is confirmed in the upstream package feed. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Crawl4AI Docker API server over the network; any internet- or LAN-exposed instance of the service is directly targetable.

  • Authentication: Not required

    The /execute_js endpoint requires no credentials, so any client that can reach the service can submit arbitrary JavaScript for execution.

  • Victim interaction: Not required

    No user action is needed; the attacker sends a direct API request and the server executes the payload without any human interaction on the target side.

  • Attack complexity: Detail

    Exploitation involves elevated complexity: the CVSS vector marks attack requirements as present (AT:P) and attack complexity as high (AC:H), reflecting factors such as specific browser context conditions or timing dependencies, so the exploit is not unconditionally reliable on first attempt.

Blast Radius

  • Reads any data accessible to the browser context, including responses from internal services reached via server-side request forgery, such as metadata APIs, internal dashboards, or credential endpoints.
  • Modifies state on internal services by issuing authenticated-by-network requests from the server's browser, including writing data to APIs that trust the server's network origin.
  • Crashes or disrupts the Crawl4AI service process by exhausting browser resources or triggering unhandled exceptions in the JavaScript runtime.
  • Exfiltrates secrets available to the browser environment, such as tokens injected into the page context or environment variables accessible via JavaScript APIs exposed in the --disable-web-security configuration.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-56264 is active across connected registries and pipelines, matching any image layer that includes Crawl4AI versions below 0.8.7. Given the Critical (9.2) severity and unauthenticated network attack vector, this CVE is prioritized for fast-track processing. For customers who opt into auto-remediation, HarborGuard rebuilds the affected image at version 0.8.7, runs a regression test suite, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and test results are staged and the finding is routed to the responsible team for review. Until the patched image is deployed, consider isolating the Crawl4AI container behind a network policy that restricts inbound access to the /execute_js endpoint to trusted internal callers only, and apply egress filtering to limit the services the browser context can reach from the container.
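
One way to check that the interim restriction on /execute_js described above is holding, as an added example (not HarborGuard or Crawl4AI code): scan a reverse-proxy access log for /execute_js requests whose source is outside the trusted caller ranges. The log format, the trusted CIDR and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the only callers allowed to use /execute_js (constructed range).
TRUSTED_CALLERS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: common-log-style access lines written by a proxy in front of
# the Crawl4AI API: client IP, timestamp, "METHOD PATH PROTO", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample input.
SAMPLE_LOG = [
    '10.20.0.15 - - [01/Jan/2026:10:00:00 +0000] "POST /execute_js HTTP/1.1" 200 512',
    '203.0.113.77 - - [01/Jan/2026:10:00:05 +0000] "POST /execute_js HTTP/1.1" 200 2048',
    '203.0.113.77 - - [01/Jan/2026:10:00:09 +0000] "POST /crawl HTTP/1.1" 200 900',
    '192.168.5.9 - - [01/Jan/2026:10:01:00 +0000] "POST /execute_js/ HTTP/1.1" 401 0',
    'truncated or malformed line',
]


def is_trusted(ip_text):
    """True only if ip_text parses and falls inside a trusted range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(ip in net for net in TRUSTED_CALLERS)


def untrusted_execute_js_calls(lines):
    """Return (source_ip, method, status) for each /execute_js request
    that did not come from a trusted caller."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        # Ignore the query string and a trailing slash when matching the path.
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if path == "/execute_js" and not is_trusted(m.group("ip")):
            findings.append((m.group("ip"), m.group("method"), int(m.group("status"))))
    return findings


if __name__ == "__main__":
    for ip, method, status in untrusted_execute_js_calls(SAMPLE_LOG):
        print(f"untrusted /execute_js call: {ip} {method} -> {status}")
```

A 2xx status on a flagged line means the request reached the service, so the inbound restriction is not in effect for that source.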


Fix available: 0.8.7

Affected packages
  • Crawl4AI / Crawl4AI
    < 0.8.7 (from 0)
    Fixed in 0.8.7
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N