GHSA-f989-c77f-r2cq: Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution

June 16, 2026

The Docker API server let a request control where LLM calls were sent and which environment variable an LLM token resolved from. Both could be abused to exfiltrate server-held secrets. The Docker API is unauthenticated by default.

References

github.com/advisories/GHSA-f989-c77f-r2cq
github.com/unclecode/crawl4ai/security/advisories/GHSA-f989-c77f-r2cq

Code Behaviors & Features

Detect and mitigate GHSA-f989-c77f-r2cq with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →