Home / Vulnerability Intelligence / CVE-2026-26217

CVE-2026-26217 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: February 13, 2026

Crawl4AI - Local File Inclusion

Published: February 12, 2026Updated: February 13, 2026Remote Exploitable

Overview

Crawl4AI < 0.8.0 contains a local file inclusion vulnerability in Docker API deployment endpoints (/execute_js, /screenshot, /pdf, /html) accepting file:// URLs, letting unauthenticated remote attackers read arbitrary files.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 6.2%(Probability of exploitation in next 30 days)

Impact

Unauthenticated remote attackers can read sensitive files, exposing credentials, API keys, and internal application details.

Mitigation

Update to version 0.8.0 or later.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Feb 12, 2026

🟠 CVE-2026-26217 - High (8.6) Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary fi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26217/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Offensive Sequence

@offseq

Feb 12, 2026

🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! https://radar.offseq.com/threat/cve-2026-26217-cwe-22-improper-limitation-of-a-pat-0f89b04d #OffSeq #CVE202626217 #infosec

View original post

Related Resources

Details

CVE ID: CVE-2026-26217
Severity: High
CVSS Score: 8.6
Type: file_inclusion
Status: unconfirmed
EPSS: 6.2%
Social Posts: 2

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score

6.2%Probability of exploitation in the next 30 days