CRITICAL
Crawl4AI
CVE published 2026-06-21
CVE-2026-56265
CVE-2026-56265 is a critical authentication bypass vulnerability in Crawl4AI before version 0.8.7. The vulnerability is caused by a hardcoded default JWT signing key in the Docker API server. This allows attackers who know the default key to forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality. The CVSS score for this vulnerability is [truncated]
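A defender-side sketch of the two checks this class of bug calls for, added here as an example and not taken from Crawl4AI's code: a startup guard that refuses to run with a missing, default or short HS256 key, and an audit helper that flags any logged token that validates under a shipped default. The environment variable name `JWT_SECRET_KEY` and the key value are assumptions (the page does not give the real default key, so a constructed placeholder stands in for it).

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder: the page does not give the real default key.
KNOWN_DEFAULT_KEYS = {"PLACEHOLDER-shipped-default-key"}
MIN_KEY_BYTES = 32  # RFC 7518 s3.2: an HS256 key must be at least 256 bits

class InsecureSigningKey(ValueError):
    """Raised when the configured signing key must not be used."""

def load_signing_key(env):
    """Return the key from env (hypothetical JWT_SECRET_KEY) or refuse to start."""
    key = env.get("JWT_SECRET_KEY", "")
    if not key:
        raise InsecureSigningKey("JWT_SECRET_KEY unset: no built-in fallback")
    if key in KNOWN_DEFAULT_KEYS:
        raise InsecureSigningKey("JWT_SECRET_KEY is a shipped default")
    if len(key.encode()) < MIN_KEY_BYTES:
        raise InsecureSigningKey("JWT_SECRET_KEY shorter than 32 bytes")
    return key.encode()

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64url(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(claims, key):
    """Issue an HS256 token; used here to build the constructed samples."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verifies_hs256(token, key):
    """True only for a well-formed HS256 token whose signature matches key."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64url(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return False
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        return hmac.compare_digest(want, _unb64url(sig))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return False

def signed_with_default_key(token):
    """Audit check: does a token seen in logs validate under a shipped default?"""
    return any(verifies_hs256(token, k.encode()) for k in KNOWN_DEFAULT_KEYS)
```

A hit from `signed_with_default_key` on a logged token means the deployment accepted tokens under the default key, so the key should be rotated and sessions issued under it treated as untrusted.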