Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption.
References
| Link | Resource |
|---|---|
| https://github.com/unclecode/crawl4ai | Product |
| https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg | Third Party Advisory |
| https://www.vulncheck.com/advisories/crawl4ai-unauthenticated-access-to-monitor-endpoints-via-docker-api-server | Third Party Advisory |
Configurations
History
26 Jun 2026, 02:00
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Kidocode
Kidocode crawl4ai |
|
| References | () https://github.com/unclecode/crawl4ai - Product | |
| References | () https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg - Third Party Advisory | |
| References | () https://www.vulncheck.com/advisories/crawl4ai-unauthenticated-access-to-monitor-endpoints-via-docker-api-server - Third Party Advisory | |
| CPE | cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:* |
24 Jun 2026, 13:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-24 13:16
Updated : 2026-06-26 02:00
NVD link : CVE-2026-56262
Mitre link : CVE-2026-56262
CVE.ORG link : CVE-2026-56262
JSON object : View
Products Affected
kidocode
- crawl4ai
CWE
CWE-306
Missing Authentication for Critical Function
