{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2285", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-10T14:41:48.845Z", "datePublished": "2026-03-30T15:51:39.962Z", "dateUpdated": "2026-04-01T18:45:39.761Z"}, "containers": {"cna": {"title": "CVE-2026-2285", "descriptions": [{"lang": "en", "value": "CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"engine": "VINCE 3.0.34", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2285"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:51:39.962Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:45:17.318406Z", "id": "CVE-2026-2285", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:45:39.761Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2285", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T18:45:17.318406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:45:35.055Z"}}], "cna": {"title": "CVE-2026-2285", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.34", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2285"}, "descriptions": [{"lang": "en", "value": "CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:51:39.962Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2285", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:45:39.761Z", "dateReserved": "2026-02-10T14:41:48.845Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-30T15:51:39.962Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crewai:crewai:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9B4BBF4-32A3-44E0-94E7-B5DF2CD34B44", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server."}, {"lang": "es", "value": "CrewAI contiene una vulnerabilidad de lectura arbitraria de archivos locales en la herramienta de carga JSON que lee archivos sin validaci\u00f3n de ruta, permitiendo el acceso a archivos en el servidor."}], "id": "CVE-2026-2285", "lastModified": "2026-04-06T15:46:14.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.670", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.kb.cert.org/vuls/id/221883"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CrewAI", "source": "cna", "vendor": "CrewAI"}, "product": "crewai", "vendor": "crewai"}], "analysis": {"en": {"generated_at": "2026-04-07T09:29:29.512816+00:00", "value": {"mitigation_remediation": ["Obtain and deploy the latest CrewAI release or patch that addresses the file\u2011read validation issue.", "If a patch is not yet available, coordinate with CrewAI support to receive a temporary fix or guidance.", "Restrict the JSON loader\u2019s ability to read files by using configuration controls or filesystem permissions that prevent access to sensitive directories.", "Implement network segmentation and least\u2011privilege principles to limit the scope of any potential local access.", "Continuously monitor logs for anomalous file access attempts and investigate promptly."], "summary": {"action": "Immediate Patch", "impact": "Local File Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the CrewAI product, specifically version 1.0, as identified by the associated CPE string.", "description_and_impact": "CrewAI's JSON loader allows an attacker to read arbitrary files on the server because the tool accepts any file path without validation. This constitutes a Path Traversal flaw that can lead to the disclosure of sensitive configuration files, credentials, or other confidential data, thereby affecting the confidentiality of the system.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high potential impact, while the EPSS score of less than 1 percent suggests that exploitation is currently unlikely but not impossible. The flaw is not listed in the CISA KEV catalog, and no official workaround is available, so the attack vector is assumed to be local, through the JSON loader functionality."}}}}, "created": "2026-03-30T20:55:31.886159+00:00", "title": "CrewAI Arbitrary Local File Read via JSON Loader", "updated": "2026-04-08T20:00:33.890611+00:00", "vendors": ["crewai", "crewai$PRODUCT$crewai"], "weaknesses": ["CWE-22"]}