JustAppSec
UNKNOWN Severity

CVE-2026-2285

Last updated Apr 01, 2026 · Published Mar 30, 2026

← Back to list

Description

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

Affected products

1 listed
  • CrewAI:CrewAI

Mappings

CWE

CWE-22

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.