CrewAI Docker status check failure enables remote code execution

CrewAI failed to verify Docker availability at runtime, causing the system to fall back to an insecure sandbox mode. This vulnerability, tracked as CVE-2026-2287, allowed attackers to achieve remote code execution on the host machine.

CrewAI · Incident Mar 30, 2026 · Indexed Jun 16, 2026 · 3 sources

CrewAI did not properly check whether Docker was still running at runtime and fell back to a sandbox setting that enables remote code execution.

What: CrewAI failed to verify Docker availability at runtime, causing the system to fall back to an insecure sandbox mode.
Incident date: Mar 30, 2026
Who: CrewAI
Failure mode: Tool Misuse
AI surface: Agentic Workflow
Severity: High

What happened

CrewAI failed to verify if Docker was running during runtime. This caused the system to fall back to an insecure sandbox mode. Attackers could exploit this to achieve remote code execution on the host machine.

What broke inside the model

Failure path · mode profile · Tool Misuse
  1. Trigger: The agent selects the correct tool.
  2. Model step: It fills the call with the wrong arguments.
  3. Control gap: No validation checks the arguments first.
  4. Failure: The tool runs against the wrong target.
  5. Consequence: The wrong record, account, or system is hit.

At the tool call, the arguments point at the wrong target.

The system lacked a runtime check for Docker availability. Instead of failing closed, it defaulted to an insecure execution environment. This fallback bypassed the intended isolation of the Docker container.
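The fail-open and fail-closed behaviours described above, as an added Python example that is not CrewAI's code. The names `CodeRunner`, `SandboxUnavailable` and `choose_backend_fail_open`, and the `python:3.12-slim` image, are assumptions made for illustration.

```python
import shutil
import subprocess


class SandboxUnavailable(RuntimeError):
    """Raised when the container backend cannot be confirmed."""


def docker_is_running(timeout=5):
    """True only if the docker CLI exists and the daemon answers `docker info`."""
    if shutil.which("docker") is None:
        return False
    try:
        result = subprocess.run(
            ["docker", "info"],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0


def choose_backend_fail_open(probe=docker_is_running):
    """Fail-open pattern: silently downgrade when Docker is not reachable."""
    return "docker" if probe() else "host-sandbox"


class CodeRunner:
    """Fail-closed: re-probe before every execution, never downgrade."""

    def __init__(self, probe=docker_is_running, image="python:3.12-slim"):
        self._probe = probe
        self._image = image  # assumed image name

    def plan(self, code):
        """Return the container argv for `code`, or refuse outright."""
        # Probe at call time: Docker may have stopped since start-up.
        if not self._probe():
            raise SandboxUnavailable(
                "Docker not reachable; refusing to run code outside the container"
            )
        return ["docker", "run", "--rm", "--network", "none",
                self._image, "python", "-c", code]
```

`plan` only builds the command line, so the selection logic can be exercised with a stub probe on a machine without Docker.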

Public visibility: High
Regulatory exposure: None
Customer impact: Many customers
Financial impact: Unknown
Time to disclosure: Days

  1. Primary: CVE Record: CVE-2026-2287 (cve.org)
  2. Press: CrewAI Vulnerabilities Expose Devices to Hacking - SecurityWeek (securityweek.com)
  3. Primary: Multiple Vulnerabilities in CrewAI Allow Sandbox Escape and Remote Code Execution via Prompt Injection - Thailand Computer Emergency Response Team (ThaiCERT) (thaicert.or.th)

Permalink: https://failureindex.ai/failures/crewai-docker-status-check-failure-enables
Citation: AI Failure Index. "CrewAI Docker status check failure enables remote code execution" (FI-0569). Realm Labs. https://failureindex.ai/failures/crewai-docker-status-check-failure-enables (indexed Jun 16, 2026).

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0569. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • OmniGuard
  • AgentRealm

Realm can inspect a tool call against the user's actual intent before it runs, and hold calls whose arguments or target do not match what was asked, so the wrong tool or the wrong arguments never reach the system of record.