CVE-2026-2275

Name of the Vulnerable Software and Affected Versions CrewAI versions (affected versions not specified)

Description The CodeInterpreter tool within CrewAI reverts to SandboxPython when Docker is unreachable. This fallback can allow for Remote Code Execution (RCE) through the ability to call arbitrary C functions. The tool utilizes the SandboxPython environment, and the issue arises when it cannot connect to Docker, potentially enabling malicious code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.