CVE-2026-2286

| EUVD-2026-17121 CRITICAL
2026-03-30 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 30, 2026 - 16:22 vuln.today
EUVD ID Assigned
Mar 30, 2026 - 16:22 euvd
EUVD-2026-17121
CVE Published
Mar 30, 2026 - 16:16 nvd
CRITICAL 9.8

Tags

SSRF

Description

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.

Analysis

Server-side request forgery in CrewAI's RAG search tools allows remote attackers to access internal and cloud services by injecting malicious URLs at runtime without proper validation. The vulnerability affects CrewAI's content acquisition mechanisms, enabling unauthorized data exfiltration from internal networks and cloud-hosted resources. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +49
POC: 0

Share

CVE-2026-2286 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy