CVE-2026-2275

Published: Mar 30, 2026 Last Modified: Mar 30, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.

https://docs.crewai.com/en/tools/ai-ml/codeinterpretertool
https://docs.crewai.com/en/tools/ai-ml/codeinterpretertool
https://www.kb.cert.org/vuls/id/221883
https://www.kb.cert.org/vuls/id/221883