CVE-2026-2285

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-2285

Affected Products

Crewai

CVE-2026-2285

Related Identifiers

Affected Products

References · 2