JustAppSec
UNKNOWN Severity

CVE-2026-2286

Last updated Apr 01, 2026 · Published Mar 30, 2026

← Back to list

Description

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.

Affected products

1 listed
  • CrewAI:CrewAI

Mappings

CWE

CWE-918

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.