PT-2026-29049 · Crewai · Crewai

Yarden Porat

Publicado

2026-03-30

Atualizado

2026-04-02

CVE-2026-2285

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CrewAI (affected versions not specified)

Description The software contains a flaw where the JSON loader tool reads files without proper path validation. This allows unauthorized access to files on the server. The issue involves an arbitrary local file read.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2026-2285

Produtos afetados

Crewai

PT-2026-29049 · Crewai · Crewai

CVE-2026-2285

Identificadores relacionados

Produtos afetados

Referências · 5