PT-2026-29050 · Crewai · Crewai

Yarden Porat · Published 2026-03-30 · Updated 2026-04-02 · CVE-2026-2286

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
CrewAI (affected versions not specified)

Description
CrewAI contains a server-side request forgery condition that allows for the acquisition of content from internal and cloud services. This is facilitated by Retrieval-Augmented Generation (RAG) search tools that do not properly validate URLs provided during runtime. The issue allows an attacker to potentially access resources that should not be publicly accessible.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
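
With no fixed version listed, one interim control is to validate a URL before it reaches a RAG search tool. The following is an added example, not CrewAI code or an official fix; `check_rag_url`, the `resolver` parameter and the hostnames and DNS answers in `FAKE_DNS` are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host, port):
    """Default resolver: every address the OS maps the host to."""
    return [i[4][0] for i in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)]

def check_rag_url(url, resolver=system_resolver):
    """Hypothetical pre-flight check for a URL given to a RAG search tool.
    Returns (allowed, reason)."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    if not parts.hostname:
        return False, "missing host"
    try:
        addresses = resolver(parts.hostname, port or (443 if scheme == "https" else 80))
    except OSError:
        addresses = []
    if not addresses:
        return False, "host does not resolve"
    for raw in addresses:  # every record must be public, not just the first
        ip = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 form
        # is_global is False for loopback, RFC 1918 and link-local ranges,
        # including 169.254.169.254 used by cloud metadata services.
        if not ip.is_global:
            return False, "non-public address " + str(ip)
    return True, "ok"

# Constructed DNS answers so the example runs offline (all names hypothetical).
FAKE_DNS = {
    "docs.example.test": ["93.184.216.34"],
    "metadata.example.test": ["169.254.169.254"],
    "mixed.example.test": ["93.184.216.34", "127.0.0.1"],
    "mapped.example.test": ["::ffff:10.0.0.5"],
}

def fake_resolver(host, port):
    return FAKE_DNS.get(host, [])
```

The check only holds if the subsequent fetch connects to the address that was validated and re-runs the check on every redirect; otherwise a second DNS lookup or a redirect can land on an internal address.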

SSRF

Weakness Enumeration

Related Identifiers: CVE-2026-2286

Affected Products: Crewai