PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57572 unclecode CVE debrief

CVE-2026-57572 is a critical vulnerability in Crawl4AI's Docker API server. Prior to version 0.9.0, the server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0.

Vendor
unclecode
Product
crawl4ai
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-06
Original CVE updated
2026-07-07
Advisory published
2026-07-06
Advisory updated
2026-07-07

Who should care

Users of Crawl4AI, especially those using versions prior to 0.9.0, should be aware of this critical vulnerability. The unauthenticated nature of the Docker API by default makes it a high-risk issue for potential exploitation.

Technical summary

The vulnerability exists in the Crawl4AI Docker API server's handling of browser_config.extra_args. This parameter was not properly sanitized, allowing an attacker to inject malicious Chromium switches. Specifically, an attacker could inject switches that, in combination with --no-zygote, would allow Chromium to execute an attacker-controlled command as the container's runtime user. This is particularly dangerous as the Docker API is unauthenticated by default, requiring only a single request to achieve arbitrary command execution on the system.

Defensive priority

High

Recommended defensive actions

  • Upgrade Crawl4AI to version 0.9.0 or later
  • Authenticate the Docker API
  • Restrict access to the Docker API
  • Monitor for suspicious activity
  • Inventory and patch vulnerable systems

Evidence notes

The CVE record and NVD detail provide information on the vulnerability. The vendor has released a patch in version 0.9.0. Users should verify their systems are updated and consider compensating controls.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T21:16:58.047Z and has not been modified since then. The NVD entry is currently Analyzed.