CrewAI Docker Runtime Check Vulnerability Leading to Remote Code Execution
Vulnerability
A remote code execution vulnerability has been identified in CrewAI, a tool for building multi-agent AI systems. The issue arises because CrewAI does not properly verify whether Docker is running during execution. When Docker is unavailable, the application reverts to a sandbox mode that can be exploited for remote code execution. This vulnerability is part of a broader set of issues in CrewAI, including server-side request forgery and arbitrary local file read vulnerabilities.
Impact
Exploitation of this vulnerability allows for remote code execution on the host machine, particularly if Docker is being used. If the host is in configuration or unsafe mode, the vulnerability could lead to full remote code execution.
Remediation
Users are advised to monitor Docker availability and prevent the application from falling back to insecure sandbox modes. The vendor has indicated plans to improve security by adding certain modules to a blocked list, evaluating configuration changes, and enhancing security-related documentation. Until these changes are implemented, users should remove or restrict the Code Interpreter Tool and limit agent exposure to untrusted input.
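A fail-closed preflight for the Docker availability check recommended above, as an added example (not CrewAI's code or the vendor's fix). The names `docker_daemon_ready`, `select_execution_backend` and `DockerUnavailable` are hypothetical; the only external call assumed is the standard `docker info` CLI command, which exits non-zero when the daemon cannot be reached.

```python
import shutil
import subprocess


class DockerUnavailable(RuntimeError):
    """Raised instead of silently dropping to a weaker execution mode."""


def docker_daemon_ready(which=shutil.which, run=subprocess.run, timeout=5):
    """Return (ok, reason); ok is True only if the daemon answers `docker info`.

    `which` and `run` are injectable so the check can be exercised offline.
    """
    if which("docker") is None:
        return False, "docker CLI not found on PATH"
    try:
        proc = run(
            ["docker", "info"],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return False, "docker info timed out"
    except OSError as exc:
        return False, f"docker CLI could not be started: {exc}"
    if proc.returncode != 0:
        # CLI is installed but the daemon is stopped or unreachable.
        return False, f"docker info exited with {proc.returncode}"
    return True, "daemon reachable"


def select_execution_backend(allow_code_execution, **probe):
    """Fail closed: agent code runs in a container or not at all.

    Hypothetical gate to call before registering any code-execution tool.
    """
    if not allow_code_execution:
        return "disabled"
    ok, reason = docker_daemon_ready(**probe)
    if not ok:
        raise DockerUnavailable(f"refusing non-Docker fallback: {reason}")
    return "docker"
```

Run the gate at startup and again before each execution, since the daemon can stop after the process has started; log the `reason` string so a stopped daemon shows up as an alert rather than as a silent mode change.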
