{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2287", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-10T14:42:11.332Z", "datePublished": "2026-03-30T15:50:54.907Z", "dateUpdated": "2026-04-01T18:47:21.739Z"}, "containers": {"cna": {"title": "CVE-2026-2287", "descriptions": [{"lang": "en", "value": "CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-749: Exposed Dangerous Method or Function"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"engine": "VINCE 3.0.34", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2287"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:50:54.907Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:47:05.261419Z", "id": "CVE-2026-2287", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:47:21.739Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2287", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:47:05.261419Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:47:18.723Z"}}], "cna": {"title": "CVE-2026-2287", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.34", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2287"}, "descriptions": [{"lang": "en", "value": "CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-749: Exposed Dangerous Method or Function"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:50:54.907Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2287", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:47:21.739Z", "dateReserved": "2026-02-10T14:42:11.332Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-30T15:50:54.907Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crewai:crewai:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DC9BCCB-78E5-4D50-9EAD-6F54EB4E3153", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation."}, {"lang": "es", "value": "CrewAI no verifica correctamente que Docker sigue ejecut\u00e1ndose durante el tiempo de ejecuci\u00f3n, y recurrir\u00e1 a una configuraci\u00f3n de sandbox que permite la explotaci\u00f3n de RCE."}], "id": "CVE-2026-2287", "lastModified": "2026-04-15T13:37:08.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.877", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.kb.cert.org/vuls/id/221883"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CrewAI", "source": "cna", "vendor": "CrewAI"}, "product": "crewai", "vendor": "crewai"}], "analysis": {"en": {"generated_at": "2026-04-07T09:29:44.058322+00:00", "value": {"mitigation_remediation": ["Update CrewAI to the latest release that implements proper Docker running validation.", "If a patch is not available, disable Docker integration or stop Docker before launching CrewAI to eliminate the fallback path.", "Configure CrewAI to enforce explicit Docker health checks and prevent automatic sandbox fallback.", "Restrict CrewAI processes to a low-privilege user and use strong container isolation to limit potential impact.", "Monitor system logs for any unexpected container fallback or code execution events."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is CrewAI, version 1.0. Systems running this edition should verify whether they have later releases.", "description_and_impact": "CrewAI fails to confirm that Docker is running during its operation, and if Docker is not active it falls back to a sandbox mode that unintentionally permits remote code execution. This vulnerability is a code injection flaw that allows an attacker to run arbitrary code with the permissions of the CrewAI process, potentially compromising the host system.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical rating, and the EPSS score of less than 1% suggests that, at this moment, exploitation is unlikely in the wild. Nonetheless, the vulnerability is not listed in CISA's KEV catalog. An attacker could exploit the fallback sandbox by triggering it, as the description implies that the lack of Docker health checks allows the compromise vector to be active."}}}}, "created": "2026-03-30T20:55:33.726402+00:00", "title": "CrewAI Docker Runtime RCE Vulnerability", "updated": "2026-04-08T20:00:34.879933+00:00", "vendors": ["crewai", "crewai$PRODUCT$crewai"]}