Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.
AnalysisAI
CrewAI's JSON loader tool fails to validate file paths before reading, allowing arbitrary local file access that exposes sensitive server files to attackers with network access to the application. The vulnerability enables information disclosure without authentication, affecting all versions of CrewAI that include the vulnerable JSON loader component. No active exploitation has been confirmed, but the straightforward nature of the attack (unsanitized file path input) makes this a practical concern for production deployments.
Technical ContextAI
The vulnerability exists in CrewAI's JSON loader tool, a component responsible for parsing and loading JSON configuration or data files. The root cause is insufficient input validation on file path parameters, falling under the CWE category of path traversal / arbitrary file access vulnerabilities. When a user or system provides a file path to the JSON loader, the tool does not canonicalize or restrict the path, allowing attackers to use directory traversal sequences (e.g., '../../../etc/passwd') or absolute paths to access files outside the intended data directory. This is a common flaw in file handling routines that assume all file path inputs come from trusted sources.
RemediationAI
Verify the specific CrewAI version in your deployment against the CERT advisory (https://www.kb.cert.org/vuls/id/221883) and apply the patched version when released by the CrewAI project. As an interim measure, restrict network access to CrewAI instances to trusted clients only, and validate or sanitize all file path inputs before passing them to the JSON loader tool (e.g., using an allowlist of permitted directories or refusing paths containing '..' sequences). If CrewAI has published a fix version, upgrade immediately; otherwise, contact the CrewAI maintainers for guidance.
Server-side request forgery in CrewAI's scraping tools before version 1.15.1 lets remote attackers reach internal servic
Server-side request forgery in CrewAI's RAG search tools allows remote attackers to access internal and cloud services b
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17119