{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2287", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-10T14:42:11.332Z", "datePublished": "2026-03-30T15:50:54.907Z", "dateUpdated": "2026-04-01T18:47:21.739Z"}, "containers": {"cna": {"title": "CVE-2026-2287", "descriptions": [{"lang": "en", "value": "CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-749: Exposed Dangerous Method or Function"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"engine": "VINCE 3.0.34", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2287"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:50:54.907Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:47:05.261419Z", "id": "CVE-2026-2287", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:47:21.739Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2287", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:47:05.261419Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:47:18.723Z"}}], "cna": {"title": "CVE-2026-2287", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.34", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2287"}, "descriptions": [{"lang": "en", "value": "CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-749: Exposed Dangerous Method or Function"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:50:54.907Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2287", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:47:21.739Z", "dateReserved": "2026-02-10T14:42:11.332Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-30T15:50:54.907Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation."}, {"lang": "es", "value": "CrewAI no verifica correctamente que Docker sigue ejecut\u00e1ndose durante el tiempo de ejecuci\u00f3n, y recurrir\u00e1 a una configuraci\u00f3n de sandbox que permite la explotaci\u00f3n de RCE."}], "id": "CVE-2026-2287", "lastModified": "2026-04-01T20:16:24.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.877", "references": [{"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/221883"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CrewAI", "source": "cna", "vendor": "CrewAI"}, "product": "crewai", "vendor": "crewai"}], "analysis": {"en": {"generated_at": "2026-03-30T17:22:01.761318+00:00", "value": {"mitigation_remediation": ["Apply the latest CrewAI patch or upgrade to the newest version.", "If an update is unavailable, limit external network access to the CrewAI service to prevent exploitation.", "Verify that the Docker daemon is actively running and monitor its status during runtime.", "Implement network segmentation or firewall rules to restrict exposure to the CrewAI deployment.", "Update CrewAI configuration to disable fallback to the insecure sandbox mode."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "CrewAI is the affected product. No specific version details are provided by the CNA, so any deployment using CrewAI could be susceptible until an official fix is released.", "description_and_impact": "The vulnerability arises when CrewAI fails to verify that the Docker daemon remains active during runtime. When Docker is stopped, the application falls back to a permissive sandbox configuration that permits an attacker to execute arbitrary code. This oversight allows remote attackers to gain full control over the host system through the insecure sandbox, leading to complete compromise of confidentiality, integrity, and availability.", "risk_and_exploitability": "The flaw permits total system takeover if an attacker can reach the sandbox. While EPSS data is unavailable and the vulnerability is not listed in CISA KEV, the potential for RCE makes the risk high. The likely attack vector is remote, exploiting the unsecured sandbox configuration when Docker is inactive. Administrators should treat this as a critical issue and apply a patch as soon as possible."}}}}, "created": "2026-03-30T20:55:33.726402+00:00", "title": "CrewAI RCE via Insecure Sandbox Deployment", "updated": "2026-03-31T20:40:49.854085+00:00", "vendors": ["crewai", "crewai$PRODUCT$crewai"], "weaknesses": ["CWE-78", "CWE-275"]}