Skip to content
MindPattern
Wire
Briefings
Search
Subscribe
← The Wire
Source trail
CERT/CC
Public MindPattern findings, entities, and graph evidence that cite this source.
Findings
1
All-time hits
1
High value
1
Last seen
2026-05-22
Connected entities
CERT/CC
CrewAI Hit by Four CVEs: Prompt Injection Chains to RCE, SSRF, Sandbox Escape, and Arbitrary File Re
Related findings
2026-05-22 / AGENTS
CrewAI Hit by Four CVEs: Prompt Injection Chains to RCE, SSRF, Sandbox Escape, and Arbitrary File Read
CERT/CC advisory VU#221883 discloses four vulnerabilities in CrewAI that chain through prompt injection: CVE-2026-2275 (Code Interpreter Tool falls back to vulnerable SandboxPython if Docker unreachable, enabling arbitrary C function calls), CVE-2026-2285 (JSON loader reads files without path validation), CVE-2026-2286 (SSRF), and CVE-2026-2287 (insecure Docker runtime fallback). An attacker who can interact with a CrewAI agent with Code Interpreter enabled can chain these to achieve full host compromise. This represents the 'prompts become shells' pattern Microsoft identified as systemic across agent frameworks.
Open latest cited source
Wire
Briefings
Search
Subscribe