
"The first of the bugs, tracked as CVE-2026-2275, exists because the Code Interpreter tool falls back to SandboxPython when unable to access Docker. If a flag that enables code execution is set in the agent configuration, this behavior could lead to code execution through arbitrary C function calls."
"CVE-2026-2286 is described as a server-side request forgery (SSRF) bug that allows attackers to retrieve content from internal and cloud services. It exists because the RAG search tools fail to properly validate URLs provided at runtime."
"CVE-2026-2287 is a bug caused by CrewAI failing to properly check if Docker is still running at runtime and falling back to a sandbox setting that enables remote code execution."
"CVE-2026-2285 is an arbitrary local file read defect impacting the JSON loader tool, which does not validate paths when reading files, enabling access to arbitrary files on the server."
CrewAI, an open-source multi-agent orchestration framework, has four vulnerabilities that can be exploited for various attacks, including remote code execution. Discovered by Yarden Porat, these issues are linked to the Code Interpreter tool, which executes Python code in a secure Docker container. The first vulnerability, CVE-2026-2275, allows code execution through arbitrary C function calls. The others are CVE-2026-2286, a server-side request forgery bug; CVE-2026-2287, in which CrewAI fails to check whether Docker is still running; and CVE-2026-2285, which allows access to arbitrary files.
Read at SecurityWeek
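A fail-closed counterpart to the fallback behaviour described for CVE-2026-2275 and CVE-2026-2287, added here as an illustration; it is not CrewAI's code or its fix. The names `run_untrusted`, `docker_is_running` and `SandboxUnavailable`, the image tag and the resource limits are assumptions made for the example.

```python
import subprocess
from typing import Callable


class SandboxUnavailable(RuntimeError):
    """Raised instead of downgrading to a weaker execution mode."""


def docker_is_running(timeout: float = 5.0) -> bool:
    """Probe the Docker daemon; any failure counts as not running."""
    try:
        probe = subprocess.run(["docker", "info"], stdout=subprocess.DEVNULL,
                               stderr=subprocess.DEVNULL, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return probe.returncode == 0


def build_docker_command(code: str, image: str = "python:3.12-slim") -> list:
    """Locked-down container: no network, read-only root, no capabilities."""
    return ["docker", "run", "--rm", "--network", "none", "--read-only",
            "--cap-drop", "ALL", "--pids-limit", "64", "--memory", "256m",
            image, "python", "-I", "-c", code]


def run_untrusted(code: str,
                  probe: Callable[[], bool] = docker_is_running,
                  runner: Callable = subprocess.run):
    """Run code in a container or refuse; there is no in-process fallback."""
    # Probe on every call, not once at start-up: the daemon can stop later.
    if not probe():
        raise SandboxUnavailable("Docker is not reachable; refusing to execute")
    try:
        result = runner(build_docker_command(code), capture_output=True,
                        text=True, timeout=30)
    except OSError as exc:
        # The CLI vanished between the probe and the run: still fail closed.
        raise SandboxUnavailable(f"container run failed: {exc}") from exc
    if result.returncode == 125:
        # Exit status 125 means `docker run` itself failed, not the contained code.
        raise SandboxUnavailable("docker run could not start the container")
    return result
```

The `probe` and `runner` parameters exist so the refusal path can be exercised in tests without a Docker daemon.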