Severity: Critical
CVSS Score: 10
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The `/crawl` endpoint accepts a `hooks` parameter containing Python code that is executed using `exec()`. The `__import__` builtin was included in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands. **Attack Vector:** ```json POST /crawl { "urls": ["https://example.com"], "hooks": { "code": { "on_page_context_created": "async def hook(page, context, **kwargs):\n __import__('os').system('malicious_command')\n return page" } } } ``` ### Impact An unauthenticated attacker can: - Execute arbitrary system commands - Read/write files on the server - Exfiltrate sensitive data (environment variables, API keys) - Pivot to internal network services - Completely compromise the server ### Mitigation 1. **Upgrade to v0.8.0** (recommended) 2. If unable to upgrade immediately: - Disable the Docker API - Block `/crawl` endpoint at network level - Add authentication to the API ### Fix Details 1. Removed `__import__` from `allowed_builtins` in `hook_manager.py` 2. Hooks disabled by default (`CRAWL4AI_HOOKS_ENABLED=false`) 3. Users must explicitly opt-in to enable hooks ### Credits Discovered by Neo by ProjectDiscovery (https://projectdiscovery.io)