Description
CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.
Published: 2026-03-30
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

CrewAI fails to confirm that Docker is running during its operation, and if Docker is not active it falls back to a sandbox mode that unintentionally permits remote code execution. This vulnerability is a code injection flaw that allows an attacker to run arbitrary code with the permissions of the CrewAI process, potentially compromising the host system.

Affected Systems

The affected product is CrewAI, version 1.0. Systems running this edition should verify whether they have later releases.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical rating, and the EPSS score of less than 1% suggests that, at this moment, exploitation is unlikely in the wild. Nonetheless, the vulnerability is not listed in CISA's KEV catalog. An attacker could exploit the fallback sandbox by triggering it, as the description implies that the lack of Docker health checks allows the compromise vector to be active.

Generated by OpenCVE AI on April 7, 2026 at 09:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update CrewAI to the latest release that implements proper Docker running validation.
  • If a patch is not available, disable Docker integration or stop Docker before launching CrewAI to eliminate the fallback path.
  • Configure CrewAI to enforce explicit Docker health checks and prevent automatic sandbox fallback.
  • Restrict CrewAI processes to a low-privilege user and use strong container isolation to limit potential impact.
  • Monitor system logs for any unexpected container fallback or code execution events.

Generated by OpenCVE AI on April 7, 2026 at 09:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.kb.cert.org/vuls/id/221883 cve-icon cve-icon
History

Wed, 15 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:crewai:crewai:1.0:*:*:*:*:*:*:* cpe:2.3:a:crewai:crewai:1.0.0:*:*:*:*:*:*:*

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
CWE-287

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
CPEs cpe:2.3:a:crewai:crewai:1.0:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
CWE-287

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-275
CWE-78

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Crewai
Crewai crewai
Vendors & Products Crewai
Crewai crewai

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-275
CWE-78

Mon, 30 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.
Title CVE-2026-2287
References

Subscriptions

Crewai Crewai
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-01T18:47:21.739Z

Reserved: 2026-02-10T14:42:11.332Z

Link: CVE-2026-2287

cve-icon Vulnrichment

Updated: 2026-04-01T18:47:18.723Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T16:16:04.877

Modified: 2026-04-15T13:37:08.760

Link: CVE-2026-2287

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T20:00:34Z

Weaknesses