CVE-2026-26217: Kritische Schwachstelle in Docker erlaubt Dateizugriff

Zusammenfassung

Mehrere Schwachstellen (CVE-2026-26216, CVE-2026-26217) in Docker ermöglichen es Angreifern, über die Docker-API-Schnittstelle auf beliebige Dateien des Dateisystems zuzugreifen. Betroffen sind Versionen von Crawl4AI vor 0.8.0. Dies kann zum Ausspähen sensibler Informationen wie Passwörter oder API-Schlüssel führen. Nutzer sollten dringend auf die korrigierte Version aktualisieren.

Unclecode - Crawl4ai - CRITICAL - CVE-2026-26217. Crawl4AI versions before 0.8.0 are vulnerable to a local file inclusion flaw within the Docker API deployment. This vulnerability is manifested through endpoints such as /execute_js, /screenshot, /pdf, and /html, which improperly process file:// URLs. As a result, unauthenticated remote attackers may exploit this flaw to access arbitrary files from the server's filesystem. This could lead to exposure of sensitive information such as /etc/passwd, /etc/shadow, and environmental variables. Such access can unveil critical credentials, API keys, and even internal application structure, making it imperative for users to upgrade to the patched version.