CVE-2026-2275

Summary

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.

Affected Software

VendorProductVersion RangeStatus
CrewAICrewAI1.0affected

Weaknesses

  • CWE-749: Exposed Dangerous Method or Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References