CrewAI Code Interpreter Tool Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the CrewAI Code Interpreter Tool. This issue arises when the tool cannot connect to Docker and defaults to SandboxPython, allowing arbitrary C function calls that can be exploited for code execution. The vulnerability affects CrewAI agents with the Code Interpreter Tool enabled, either by default or through manual activation by the developer.
Impact
Exploitation of this vulnerability allows for remote code execution on the host machine. If the machine is using Docker, the execution occurs within the Docker environment. However, if the host is in configuration mode or unsafe mode, the code execution bypasses the sandbox entirely, leading to full remote code execution.
Remediation
Users are advised to remove or disable the Code Interpreter Tool wherever possible. If the tool must be used, avoid enabling the 'allow_code_execution' setting unless absolutely necessary. Additionally, monitor Docker availability to prevent fallback to insecure sandbox modes.
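One way to act on the advice to monitor Docker availability is a start-up check that fails closed. The sketch below is an added example, not CrewAI code or code from the original advisory. The function names are hypothetical, and it assumes the deployment decides the value of 'allow_code_execution' itself before building the agent.

```python
import shutil
import subprocess

# All names here are hypothetical helpers for illustration, not CrewAI APIs.

class DockerUnavailable(RuntimeError):
    """The Docker daemon could not be reached, so no container sandbox exists."""

def run_docker_info(cmd, timeout):
    # Real Docker CLI call; the format string prints only the daemon version.
    return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)

def docker_daemon_reachable(runner=run_docker_info, which=shutil.which, timeout=5.0):
    """True only if the docker CLI is installed and the daemon answers."""
    if which("docker") is None:
        return False
    try:
        result = runner(["docker", "info", "--format", "{{.ServerVersion}}"], timeout)
    except (OSError, subprocess.TimeoutExpired):
        return False
    # Do not rely on the exit status alone: also require a non-empty
    # server version, which only a responding daemon can supply.
    return result.returncode == 0 and bool(result.stdout.strip())

def code_execution_allowed(requested, docker_ok):
    """Fail closed: a missing daemon must never become a silent fallback."""
    if not requested:
        return False
    if not docker_ok:
        raise DockerUnavailable("Docker unreachable; refusing to enable code execution")
    return True

if __name__ == "__main__":
    # Assumption: the result is what the deployment passes as the page's
    # 'allow_code_execution' setting; the CrewAI wiring itself is not shown.
    try:
        print("allow_code_execution =", code_execution_allowed(True, docker_daemon_reachable()))
    except DockerUnavailable as exc:
        raise SystemExit(f"startup aborted: {exc}")
```

Running the same check on a schedule, and alerting when it starts returning False, covers the case where Docker becomes unavailable after start-up.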
