PyBlade: SSTI/RCE via Bypassed AST Validation in sandbox.py

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...

Exposed Dangerous Method or Function

Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the CodeInterpreter tool that fallbacks to SandboxPython when Docker is unreachable. An attacker can execute arbitrary code by invoking...

CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...

CVE-2017-5524

Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method...