CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.
CVE-2026-2275CVSS 9.6Containers

CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.

CVSS
9.6 CRITICAL
EPSS
35.48%
Known exploited
not in KEV
Product
-

What is known

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.

Sources