2 matches found
CVE-2026-62240
CVE-2026-62240 overview : CrewAI before 1.15.1 is affected by a server-side request forgery in the validate_url function, which performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. An attacker can bypass the security filter by providing URLs that redi...
EUVD-2026-17117
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...