CVE-2026-2287

Summary

CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.

Affected Software

VendorProductVersion RangeStatus
CrewAICrewAI1.0affected

Weaknesses

  • CWE-749: Exposed Dangerous Method or Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References