CVE-2026-2285
Published: 30 March 2026
Summary
CVE-2026-2285 is a high-severity vulnerability in CrewAI; the weakness type is unspecified. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). It is ranked at the 41.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-2285 is an arbitrary local file read vulnerability in the JSON loader tool of CrewAI. The tool processes files without path validation, allowing attackers to access arbitrary files on the affected server. Published on 2026-03-30, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), classified under NVD-CWE-noinfo.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation enables the attacker to read sensitive local files on the server, resulting in high confidentiality impact while leaving integrity and availability unaffected.
Mitigation details are available in the CERT advisory at https://www.kb.cert.org/vuls/id/221883.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17119
Vulnerability details
CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool, which reads files without path validation, enabling access to files on the server.
- CWE(s)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: crewai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary local file read directly enables T1005 data collection from the local system; remote unauthenticated exploitation of the public-facing JSON loader tool maps to T1190.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires input validation and error handling for file paths in the JSON loader tool to prevent arbitrary local file reads.
Enforces least privilege on the process handling JSON loader operations, restricting access to sensitive files even if path traversal occurs.
Mandates timely identification, reporting, and remediation of the path validation flaw in CrewAI's JSON loader.
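One way to apply the path validation these controls call for, shown as an added example that is not CrewAI's code or its fix: a JSON loader confined to a single base directory. The names `load_json_confined`, `PathRejected` and `MAX_BYTES`, and the sample file tree, are constructed for illustration.

```python
import json
import os
import tempfile
from pathlib import Path

MAX_BYTES = 1_000_000  # assumed size cap, not a CrewAI setting


class PathRejected(ValueError):
    """Raised when a requested path fails validation."""


def load_json_confined(base_dir, requested):
    """Load JSON only from regular .json files located under base_dir."""
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so containment is
    # checked against the real target. An absolute `requested` replaces
    # `base` in the join and is caught by the same check.
    target = (base / requested).resolve()
    if not target.is_relative_to(base):  # Python 3.9+
        raise PathRejected(f"outside allowed directory: {requested!r}")
    if target.suffix.lower() != ".json":
        raise PathRejected(f"not a .json file: {requested!r}")
    if not target.is_file():
        raise PathRejected(f"not a regular file: {requested!r}")
    if target.stat().st_size > MAX_BYTES:
        raise PathRejected(f"file too large: {requested!r}")
    with target.open("r", encoding="utf-8") as fh:
        return json.load(fh)


def demo():
    """Run the loader over a constructed tree; return outcome per case."""
    with tempfile.TemporaryDirectory() as root:
        allowed = Path(root, "data")
        allowed.mkdir()
        (allowed / "ok.json").write_text('{"name": "sample"}')
        secret = Path(root, "secret.json")
        secret.write_text('{"key": "constructed"}')
        os.symlink(secret, allowed / "link.json")
        cases = {"plain": "ok.json", "dotdot": "../secret.json",
                 "absolute": str(secret), "symlink": "link.json"}
        results = {}
        for label, req in cases.items():
            try:
                results[label] = load_json_confined(allowed, req)
            except PathRejected:
                results[label] = "rejected"
        return results
```

The containment check and the open are separate steps, so the base directory should not be writable by untrusted parties. Running the loader process with least privilege limits what any remaining bypass can read.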