CVE-2026-2285

{"id": "CVE-2026-2285", "cveTags": [], "metrics": {}, "published": "2026-03-30T16:16:04.670", "references": [{"url": "https://www.kb.cert.org/vuls/id/221883", "source": "cret@cert.org"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server."}], "lastModified": "2026-03-30T16:16:04.670", "sourceIdentifier": "cret@cert.org"}