CVE-2026-2275

Description

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.

Affected Products

Vendor	Product	Versions
CrewAI	CrewAI	1.0

References

Related News (2 articles)

Tier C

VulDB1h ago

CVE-2026-2275 | CrewAI 1.0 SandboxPython routine

→ No new info (linked only)

Tier B

CERT/CC Vuln Notes3h ago

VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

→ No new info (linked only)

CVSS 3.17.5 NONE

CISA KEV❌ No

Actively exploited✅ Yes

Published3/30/2026

Last enriched2h agov3

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Mar 30, 2026

Updated: cvssEstimate, cweIds, mitreAttack, tags

Mar 30, 2026

Updated: description, severity, cweIds, exploitAvailable, activelyExploited, tags

Mar 30, 2026

Actively Exploited

Mar 30, 2026

Exploit Available

Mar 30, 2026

Version History

Last enriched 2h ago

v3Tier B2h ago

Updated description with detailed technical content, changed severity to HIGH, added new CWE ID, and marked the vulnerability as actively exploited with available exploits.

descriptionseveritycweIdsexploitAvailableactivelyExploitedtags

via CERT/CC Vuln Notes

v2Tier B2h ago

Updated description with detailed technical content, changed severity to HIGH, added CVSS estimate of 7.5, included new CWE IDs, marked as actively exploited, and added relevant MITRE ATT&CK techniques and tags.

cvssEstimatecweIdsmitreAttacktags

via CERT/CC Vuln Notes

v12h ago

Initial creation

CVE-2026-2275

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History