CrewAI Critical Vulnerabilities (CVE-2026-2275 et al.)
by Publish anonymously · 2 days ago
Four CVEs: a sandbox escape via the CodeInterpreter Docker fallback, SSRF in the RAG search tools, and an arbitrary local file read in the JSON loader. They can be chained via prompt injection to escape the sandbox and execute code on the host. Separately, a leaked internal GitHub token (CVSS 9.2) granted full access to CrewAI's private repos. No complete patch is available.
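As a defensive illustration of two of the input-driven issues named above (SSRF in URL-fetching tools and arbitrary local file read), this added example vets tool-call arguments before they reach a tool; it is not CrewAI code or a vendor patch. The `url` and `file_path` argument names, the base directory and all three functions are hypothetical.

```python
import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlsplit


def url_is_safe(url, resolver=socket.getaddrinfo):
    """True only if every address the host resolves to is publicly routable."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False  # rejects file://, gopher://, schemeless input
        infos = resolver(parts.hostname, parts.port or 443, type=socket.SOCK_STREAM)
        addrs = []
        for info in infos:
            ip = ipaddress.ip_address(info[4][0])
            # Unwrap ::ffff:a.b.c.d so a mapped private address is judged as IPv4.
            addrs.append(getattr(ip, "ipv4_mapped", None) or ip)
    except (OSError, ValueError):  # resolution failure or malformed URL/port
        return False
    # Loopback, RFC 1918, link-local (cloud metadata) and similar are not global.
    return bool(addrs) and all(ip.is_global for ip in addrs)


def path_is_confined(user_path, base_dir):
    """True only if user_path, after resolving '..' and symlinks, stays in base_dir."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()  # an absolute user_path replaces base
    return target == base or base in target.parents


def vet_tool_args(args, base_dir, resolver=socket.getaddrinfo):
    """Return policy violations for a tool-call dict (hypothetical argument names)."""
    problems = []
    if "url" in args and not url_is_safe(args["url"], resolver):
        problems.append("url: non-public or non-HTTP destination")
    if "file_path" in args and not path_is_confined(args["file_path"], base_dir):
        problems.append("file_path: outside allowed directory")
    return problems


if __name__ == "__main__":
    # Constructed tool calls; IP literals resolve without network access.
    calls = [
        {"url": "http://169.254.169.254/latest/meta-data/"},
        {"file_path": "../../etc/passwd"},
        {"file_path": "reports/q1.json"},
    ]
    for call in calls:
        print(call, "->", vet_tool_args(call, "/srv/agent-data") or "allowed")
```

The URL check only covers the name resolution done at vetting time, so the HTTP client should connect to the vetted address and vet each redirect target the same way.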