CVE-2026-2287

Description

CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.

Affected Products

Vendor	Product	Versions
CrewAI	CrewAI	1.0

References

https://www.kb.cert.org/vuls/id/221883

Related News (2 articles)

Tier C

VulDB3h ago

CVE-2026-2287 | CrewAI 1.0 Docker routine

→ No new info (linked only)

Tier B

CERT/CC Vuln Notes5h ago

VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

→ No new info (linked only)

CVSS 3.17.5 NONE

CISA KEV❌ No

Actively exploited❌ No

PublishedMar 30, 2026

Last enriched5h agov2

Community Vote

0 upvotes

Version History

Last enriched 5h ago

v2Tier B5h ago

Updated description with detailed technical information, changed severity to HIGH, added CVSS estimate of 7.5, included new CWE IDs, and marked the vulnerability as actively exploited with available exploits.

cvssEstimatecweIdstags

via CERT/CC Vuln Notes

v15h ago

Initial creation

CVE-2026-2287

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History