CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*

History

26 Jun 2026, 02:00

Type Values Removed Values Added
First Time Kidocode
Kidocode crawl4ai
References () https://github.com/unclecode/crawl4ai - () https://github.com/unclecode/crawl4ai - Product
References () https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg - () https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg - Third Party Advisory
References () https://www.vulncheck.com/advisories/crawl4ai-unauthenticated-access-to-monitor-endpoints-via-docker-api-server - () https://www.vulncheck.com/advisories/crawl4ai-unauthenticated-access-to-monitor-endpoints-via-docker-api-server - Third Party Advisory
CPE cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*

24 Jun 2026, 13:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-24 13:16

Updated : 2026-06-26 02:00


NVD link : CVE-2026-56262

Mitre link : CVE-2026-56262

CVE.ORG link : CVE-2026-56262


JSON object : View

Products Affected

kidocode

  • crawl4ai
CWE
CWE-306

Missing Authentication for Critical Function