CVE-2026-2286

{"id": "CVE-2026-2286", "cveTags": [], "metrics": {}, "published": "2026-03-30T16:16:04.777", "references": [{"url": "https://www.kb.cert.org/vuls/id/221883", "source": "cret@cert.org"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."}], "lastModified": "2026-03-30T16:16:04.777", "sourceIdentifier": "cret@cert.org"}