Crewai

crewai

Vendor: Crewai • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2287 1Crewai 1Crewai Apr 15, 2026 Mar 30, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.
CVE-2026-2286 1Crewai 1Crewai Apr 15, 2026 Mar 30, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.
CVE-2026-2285 1Crewai 1Crewai Apr 15, 2026 Mar 30, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.