PT-2026-57904 · Crewaiinc · Crewai

George Chen

·

Publicado

2026-07-13

·

Atualizado

2026-07-13

·

CVE-2026-62240

CVSS v3.1

7.4

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate url function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal addresses or use DNS rebinding techniques to access internal services and cloud metadata endpoints.

Exploit

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-62240

Produtos afetados

Crewai