PT-2026-57904 · Crewaiinc · Crewai
George Chen
·
Publicado
2026-07-13
·
Atualizado
2026-07-13
·
CVE-2026-62240
CVSS v3.1
7.4
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate url function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal addresses or use DNS rebinding techniques to access internal services and cloud metadata endpoints.
Exploit
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Crewai