Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-56259

HIGH NVD
CVSS Score 8.2
Severity HIGH
Published Jul 12, 2026
Vendor unknown

Description

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious base_url parameter and setting api_token to env:VARIABLE_NAME to exfiltrate provider API keys and server secrets including JWT SECRET_KEY for authentication bypass.

References