CVE-2026-2287

CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation...

CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...

CVE-2026-2287 CVE-2026-2287

CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation...

CVE-2026-2287

CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation...

CVE-2026-2287 CVE-2026-2287

CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation...

CVE-2026-2287

CVE-2026-2287 affects CrewAI tooling and is triggered when the Code Interpreter/ Docker runtime check fails. Several sources (NVD, Red Hat, CVE List, CERT, EUVD, PT Security, Snyk) describe that CrewAI does not reliably verify that Docker remains running during runtime and falls back to a sandbox...

CVE-2026-2275 CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...

CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...

CVE-2026-2275 CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...

PT-2026-29158

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.28 Description NocoBase is an AI-powered no-code/low-code platform. Versions of NocoBase prior to 2.0.28 have a security flaw that allows an authenticated attacker to achieve Remote Code Execution RCE as root. Th...

CrewAI 安全漏洞

CrewAI is an open-source code execution and analysis tool component developed by CrewAI. CrewAI has a security vulnerability that stems from incorrect checking of Docker’s running status and reverting to a sandbox setting, which may lead to remote code execution...

PT-2026-29048

Name of the Vulnerable Software and Affected Versions CrewAI versions affected versions not specified Description The CodeInterpreter tool within CrewAI reverts to SandboxPython when Docker is unreachable. This fallback can allow for Remote Code Execution RCE through the ability to call arbitrary...

PT-2026-29051

Name of the Vulnerable Software and Affected Versions CrewAI affected versions not specified Description CrewAI does not adequately verify the continued operation of Docker during runtime. If Docker is not running, the software reverts to a sandbox configuration that permits Remote Code Execution...

PT-2026-29104

Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.1.25 Docker Desktop versions prior to 4.67.0 Description The software contains a Server-Side Request Forgery SSRF issue within the OCI registry token exchange process. When retrieving a model, the softwa...

BentoML < 1.4.37 Command Injection (GHSA-jfjg-vc52-wqvf)

The version of the BentoML library installed on the remote host is prior to 1.4.37. It is, therefore, affected by a command injection vulnerability: - The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 - Kobold Exploit Full chain exploit for the Ko...

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

EUVD-2026-16793

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps formerly add-ons configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuratio...

CVE-2026-34205

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps formerly add-ons configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuratio...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the actions/cache server process. An attacker can inject malicious cache entries and retrieve all existing caches by connecting to the server and predicting cache keys, potentially leading to execution of...