Skip to main content

CrewAI CVE-2026-62240

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-13 VulnCheck
8.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.4 HIGH

Network-reachable, low-complexity redirect bypass with no auth (PR:N) but requires a workflow to fetch the URL (UI:R); reaching internal/metadata systems is a scope change (S:C) with confidentiality-only impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jul 13, 2026 - 21:45 vuln.today
Analysis Generated
Jul 13, 2026 - 21:45 vuln.today
CVE Published
Jul 13, 2026 - 21:04 cve.org
HIGH 8.3

DescriptionCVE.org

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate_url function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal addresses or use DNS rebinding techniques to access internal services and cloud metadata endpoints.

AnalysisAI

Server-side request forgery in CrewAI's scraping tools before version 1.15.1 lets remote attackers reach internal services and cloud metadata endpoints by abusing a flawed validate_url function. The filter performs a single DNS resolution and blocklist check, then returns the original URL unchanged, so attacker-supplied URLs that HTTP-redirect to internal addresses or exploit DNS rebinding slip past the guard. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker hosts redirecting/rebinding server
Delivery
Submit malicious URL to CrewAI scrape tool
Exploit
validate_url passes on first DNS resolution
Execution
Fetch follows redirect to internal/metadata IP
Impact
Exfiltrate cloud credentials or internal data

Vulnerability AssessmentAI

Exploitation Exploitation requires a CrewAI deployment (before 1.15.1) that feeds an attacker-supplied or attacker-influenceable URL into one of the scrape/web-fetch tools that call validate_url - this is the UI:P/passive-interaction prerequisite in the CVSS 4.0 vector: an agent workflow must be induced to fetch the malicious URL. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:P, VC:H, SC:H) scores 8.3 (High): network-reachable, low complexity, no privileges, but with passive user interaction and a scope change reflected by high subsequent-system confidentiality impact - consistent with SSRF reaching internal/metadata systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker submits a URL under their control to an application that hands it to a CrewAI agent's scrape tool; the URL passes validate_url's one-shot check by resolving to a public IP, then returns an HTTP 302 redirect (or rebinds via DNS) to http://169.254.169.254/latest/meta-data/. CrewAI follows it and returns the cloud instance's IAM credentials or internal service responses to the attacker. …
Remediation Vendor-released patch: upgrade to CrewAI 1.15.1 or later, which fixes the SSRF redirect bypass in scraping fetches (release notes list 'Fix SSRF redirect bypass in scraping fetches (#6331)'; fix commit 5d4851eac797cafc45b726f65747fe2c9520fc42). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all systems running CrewAI to identify affected versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-62240 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy