CVE-2026-2286 | THREATINT

Description

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.

PUBLISHED Reserved 2026-02-10 | Published 2026-03-30 | Updated 2026-04-01 | Assigner certcc

Problem types

CWE-918: Server-Side Request Forgery (SSRF)

Product status

1.0

affected

References

www.kb.cert.org/vuls/id/221883

cve.org (CVE-2026-2286)

nvd.nist.gov (CVE-2026-2286)

Download JSON