CrewAI Vulnerabilities Expose Devices to Hacking
Summary
CrewAI, an AI framework, has vulnerabilities that attackers can exploit using prompt injection (tricking an AI by hiding malicious instructions in its input) to chain together bugs and escape the sandbox (a restricted environment meant to contain the AI's actions) to run arbitrary code on a device.
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://www.securityweek.com/crewai-vulnerabilities-expose-devices-to-hacking/
First tracked: March 31, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%