Skip to main content

Crewai CVE-2026-2285

| EUVDEUVD-2026-17119 HIGH
2026-03-30 cret@cert.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 30, 2026 - 16:22 euvd
EUVD-2026-17119
Analysis Generated
Mar 30, 2026 - 16:22 vuln.today
CVE Published
Mar 30, 2026 - 16:16 nvd
HIGH 7.5

DescriptionCVE.org

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

AnalysisAI

CrewAI's JSON loader tool fails to validate file paths before reading, allowing arbitrary local file access that exposes sensitive server files to attackers with network access to the application. The vulnerability enables information disclosure without authentication, affecting all versions of CrewAI that include the vulnerable JSON loader component. No active exploitation has been confirmed, but the straightforward nature of the attack (unsanitized file path input) makes this a practical concern for production deployments.

Technical ContextAI

The vulnerability exists in CrewAI's JSON loader tool, a component responsible for parsing and loading JSON configuration or data files. The root cause is insufficient input validation on file path parameters, falling under the CWE category of path traversal / arbitrary file access vulnerabilities. When a user or system provides a file path to the JSON loader, the tool does not canonicalize or restrict the path, allowing attackers to use directory traversal sequences (e.g., '../../../etc/passwd') or absolute paths to access files outside the intended data directory. This is a common flaw in file handling routines that assume all file path inputs come from trusted sources.

RemediationAI

Verify the specific CrewAI version in your deployment against the CERT advisory (https://www.kb.cert.org/vuls/id/221883) and apply the patched version when released by the CrewAI project. As an interim measure, restrict network access to CrewAI instances to trusted clients only, and validate or sanitize all file path inputs before passing them to the JSON loader tool (e.g., using an allowlist of permitted directories or refusing paths containing '..' sequences). If CrewAI has published a fix version, upgrade immediately; otherwise, contact the CrewAI maintainers for guidance.

Share

CVE-2026-2285 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy