CVE-2026-2286

CVSS 9.8 CRITICALEPSS 0.5%

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

CrewAI · CrewAI

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.kb.cert.org/vuls/id/221883