Back to CVE List

CVE-2026-2285

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

Vulnerability Details

Published Date
Last Modified
CWE ID
NVD-CWE-noinfo
Source
NVD
Vendor
crewai
Product
crewai

External References

Discussion (0)

Add Comment

No comments yet. Be the first!