Vulnerability in Crewai
CVE-2026-2285
CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.
EPSS: 0.002 (40.3th percentile) — read the EPSS interpretation.
Affected products
- Crewai — versions 1.0