The Wire
Agents

CrewAI Hit by Four CVEs: Prompt Injection Chains to RCE, SSRF, Sandbox Escape, and Arbitrary File Read

CERT/CChigh signal

CERT/CC advisory VU#221883 discloses four vulnerabilities in CrewAI that chain through prompt injection: CVE-2026-2275 (Code Interpreter Tool falls back to vulnerable SandboxPython if Docker unreachable, enabling arbitrary C function calls), CVE-2026-2285 (JSON loader reads files without path validation), CVE-2026-2286 (SSRF), and CVE-2026-2287 (insecure Docker runtime fallback). An attacker who can interact with a CrewAI agent with Code Interpreter enabled can chain these to achieve full host compromise. This represents the 'prompts become shells' pattern Microsoft identified as systemic across agent frameworks.

Follow the thread

CrewAI Hit by Four CVEs: Prompt Injection Chains to RCE, SSRF, Sandbox Escape, and Arbitrary File Read | MindPattern