Skip to content
MindPattern
WireBriefingsSearch
Subscribe
← The Wire
Source trail

CERT/CC

Public MindPattern findings, entities, and graph evidence that cite this source.

Findings
1
All-time hits
1
High value
1
Last seen
2026-05-22

Connected entities

CERT/CCCrewAI Hit by Four CVEs: Prompt Injection Chains to RCE, SSRF, Sandbox Escape, and Arbitrary File Re

Related findings

  1. 2026-05-22 / AGENTSCrewAI Hit by Four CVEs: Prompt Injection Chains to RCE, SSRF, Sandbox Escape, and Arbitrary File ReadCERT/CC advisory VU#221883 discloses four vulnerabilities in CrewAI that chain through prompt injection: CVE-2026-2275 (Code Interpreter Tool falls back to vulnerable SandboxPython if Docker unreachable, enabling arbitrary C function calls), CVE-2026-2285 (JSON loader reads files without path validation), CVE-2026-2286 (SSRF), and CVE-2026-2287 (insecure Docker runtime fallback). An attacker who can interact with a CrewAI agent with Code Interpreter enabled can chain these to achieve full host compromise. This represents the 'prompts become shells' pattern Microsoft identified as systemic across agent frameworks.
Open latest cited source
WireBriefingsSearch
Subscribe