CVE-2026-2285

HIGH 7.5

CVE-2026-2285

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

8th

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

Vendor	crewai
Product	crewai
Published	Mar 30, 2026
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for crewai crewai

Be the first to know when new high vulnerabilities affecting crewai crewai are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CrewAI / CrewAI

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

kb.cert.org: https://www.kb.cert.org/vuls/id/221883