CVE-2026-2285

High

Published: 30 March 2026

Published

30 March 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0019 40.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2285 is a high-severity an unspecified weakness vulnerability in Crewai Crewai. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 40.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires input validation and error handling for file paths in the JSON loader tool to prevent arbitrary local file reads.

AC-6 Least Privilege good match

prevent

Enforces least privilege on the process handling JSON loader operations, restricting access to sensitive files even if path traversal occurs.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and remediation of the path validation flaw in CrewAI's JSON loader.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Arbitrary local file read directly enables T1005 data collection from the local system; remote unauthenticated exploitation of the public-facing JSON loader tool maps to T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

Deeper analysisAI

CVE-2026-2285 is an arbitrary local file read vulnerability in the JSON loader tool of CrewAI. The tool processes files without path validation, allowing attackers to access arbitrary files on the affected server. Published on 2026-03-30, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), classified under NVD-CWE-noinfo.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation enables the attacker to read sensitive local files on the server, resulting in high confidentiality impact while leaving integrity and availability unaffected.

Mitigation details are available in the CERT advisory at https://www.kb.cert.org/vuls/id/221883.

Details

CWE(s): NVD-CWE-noinfo

Affected Products

crewai

1.0.0

CVEs Like This One

CVE-2026-2287Same product: Crewai Crewai

CVE-2026-2286Same product: Crewai Crewai

References

https://www.kb.cert.org/vuls/id/221883
Third Party Advisory, VDB Entry · cret@cert.org