CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-56265

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 34.1%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/unclecode/crawl4ai
https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg
https://www.vulncheck.com/advisories/crawl4ai-authentication-bypass-via-hardcoded-jwt-signing-key
https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-56265

Products

Pricing

Contact Us