CVE-2026-2285

Description

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

Affected Products

Vendor	Product	Versions
CrewAI	CrewAI	1.0

References

https://www.kb.cert.org/vuls/id/221883

Related News (2 articles)

Tier C

VulDB3h ago

CVE-2026-2285 | CrewAI 1.0 JSON Loader Tool information disclosure

→ No new info (linked only)

Tier B

CERT/CC Vuln Notes5h ago

VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

→ No new info (linked only)

CVSS 3.17.5 NONE

CISA KEV❌ No

Actively exploited❌ No

PublishedMar 30, 2026

Last enriched5h agov2

Community Vote

Version History

Last enriched 5h ago

v2Tier B5h ago

Updated severity to HIGH, added CVSS estimate of 7.5, identified CWE-22, and marked the vulnerability as actively exploited with available exploits.

cvssEstimatecweIdstags

via CERT/CC Vuln Notes

v15h ago

Initial creation

CVE-2026-2285

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History