CVE-2026-2287
Remote Code Execution via Improper Docker Check in CrewAI
Publication date: 2026-03-30
Last updated on: 2026-04-15
Assigner: CERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crewai | crewai | 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in CrewAI occurs because the software does not properly verify whether Docker is still running during its runtime. If Docker is not running, CrewAI falls back to a sandbox setting that is vulnerable to remote code execution (RCE) attacks.
How can this vulnerability impact me?
The vulnerability can allow an attacker to execute arbitrary code remotely on the affected system by exploiting the fallback sandbox setting when Docker is not running. This could lead to unauthorized access, data compromise, or control over the system running CrewAI.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in CrewAI, specifically CVE-2026-2287, allows for remote code execution due to improper checking of Docker's runtime status and fallback to an insecure sandbox mode. This can lead to unauthorized access, credential theft, and further system compromise.
Such security weaknesses can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system operations. Exploitation of this vulnerability could result in unauthorized data access or breaches, potentially violating data protection and privacy requirements mandated by these regulations.
Therefore, organizations using CrewAI without proper mitigation may face increased risk of non-compliance due to potential data breaches or unauthorized system control.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-2287 involves monitoring the runtime status of Docker on systems running CrewAI, as the vulnerability arises when CrewAI fails to verify Docker's availability and falls back to an insecure sandbox mode that allows remote code execution.
You should check whether Docker is running properly and if CrewAI is falling back to the sandbox mode unexpectedly. Monitoring logs for warnings about Docker availability or sandbox fallback can help detect exploitation attempts.
Suggested commands to check Docker status include:
- systemctl status docker
- docker info
- ps aux | grep dockerd
Additionally, monitoring CrewAI logs for any runtime warnings or errors related to Docker or sandbox fallback is recommended.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps for CVE-2026-2287 include disabling or restricting the use of the Code Interpreter Tool within CrewAI, as exploitation requires influencing a CrewAI agent with this tool enabled.
Avoid enabling the allow_code_execution=True setting unless absolutely necessary, to prevent fallback to insecure sandbox modes.
Sanitize all inputs and limit the exposure of CrewAI agents to untrusted data sources to reduce the risk of prompt injection attacks.
Monitor Docker availability closely to ensure that CrewAI does not fall back to the vulnerable sandbox environment.
The vendor has committed to blocking dangerous modules like ctypes in the sandbox, adding configuration options to fail closed rather than fall back, improving runtime warnings, and enhancing documentation, but no complete patch is currently available.
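An added example, not CrewAI or vendor code: a shell guard that applies the fail-closed idea from outside the application, refusing to start an agent process when `docker info` cannot reach the daemon and stopping the process if the daemon disappears later. The function names, the `DOCKER_PROBE` override and `run_crew.py` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not CrewAI code): fail-closed guard around an agent process.
# DOCKER_PROBE is a hypothetical override so the check can be exercised
# on hosts without Docker; by default it runs `docker info`.
DOCKER_PROBE="${DOCKER_PROBE:-docker info}"
EX_UNAVAILABLE=69   # sysexits.h value, used here to mean "launch refused"

# Succeeds only if the Docker daemon answers the probe.
# `docker info` exits non-zero when the client cannot reach the daemon.
docker_available() {
    $DOCKER_PROBE >/dev/null 2>&1
}

# guarded_run CMD [ARGS...]: start CMD only while Docker is reachable.
guarded_run() {
    if ! docker_available; then
        echo "refusing to start: Docker unreachable, code would run outside a container" >&2
        return "$EX_UNAVAILABLE"
    fi
    "$@"
}

# watch_and_stop PID [INTERVAL]: poll Docker while PID is alive and send
# SIGTERM to PID if the daemon goes away. Returns 69 if it stopped the
# process, 0 if the process ended by itself.
watch_and_stop() {
    pid=$1
    interval=${2:-5}
    while kill -0 "$pid" 2>/dev/null; do
        if ! docker_available; then
            echo "Docker became unreachable, stopping pid $pid" >&2
            kill -TERM "$pid" 2>/dev/null
            return "$EX_UNAVAILABLE"
        fi
        sleep "$interval"
    done
    return 0
}

# Typical use (run_crew.py is a hypothetical entry point):
#   foreground:  guarded_run python run_crew.py
#   background:  docker_available || exit 69
#                python run_crew.py & watch_and_stop $!
```

Polling leaves a window of up to one interval between Docker stopping and the process being terminated, so this complements the steps above and does not replace them.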