{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2286", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-10T14:42:04.145Z", "datePublished": "2026-03-30T15:51:25.512Z", "dateUpdated": "2026-04-01T18:46:31.096Z"}, "containers": {"cna": {"title": "CVE-2026-2286", "descriptions": [{"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"engine": "VINCE 3.0.34", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2286"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:51:25.512Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:46:13.729437Z", "id": "CVE-2026-2286", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:46:31.096Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2286", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:46:13.729437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:46:26.955Z"}}], "cna": {"title": "CVE-2026-2286", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.34", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2286"}, "descriptions": [{"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:51:25.512Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2286", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:46:31.096Z", "dateReserved": "2026-02-10T14:42:04.145Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-30T15:51:25.512Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."}, {"lang": "es", "value": "CrewAI contiene una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor que permite la adquisici\u00f3n de contenido de servicios internos y en la nube, facilitada por las herramientas de b\u00fasqueda RAG que no validan correctamente las URL proporcionadas en tiempo de ejecuci\u00f3n."}], "id": "CVE-2026-2286", "lastModified": "2026-04-01T19:16:29.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.777", "references": [{"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/221883"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CrewAI", "source": "cna", "vendor": "CrewAI"}, "product": "crewai", "vendor": "crewai"}], "analysis": {"en": {"generated_at": "2026-03-30T17:21:51.063563+00:00", "value": {"mitigation_remediation": ["Apply the latest CrewAI patch or upgrade to a version where the SSRF issue is remediated.", "If a patch is unavailable, restrict the RAG search feature to only allow whitelisted URLs or disable the feature entirely.", "Implement strict input validation or URL sanitization for any user\u2011supplied URLs before they are processed by CrewAI.", "Monitor application logs for abnormal outbound requests and set alerting thresholds."], "summary": {"action": "Patch if available", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "CrewAI web application is affected. Specific product name is CrewAI. No public version information is listed; the flaw may apply to all current releases.", "description_and_impact": "CrewAI has a server\u2011side request forgery flaw that allows attackers to supply arbitrary URLs to the RAG search tools. The flaw permits the application to fetch content from internal and cloud services the system can reach, potentially leaking sensitive data or internal network information.", "risk_and_exploitability": "The vulnerability can be exploited by supplying a crafted URL to the RAG search feature. Because it relies on the application's ability to resolve internal network addresses, the attack is limited to machines and services reachable from the server hosting CrewAI. The risk is high if the premise user can supply malicious input or if the service is exposed to untrusted users. No EPSS score is reported, and the issue is not yet in the CISA KEV catalog, but SSRF bugs are typically considered severe due to the potential for outbound data exfiltration."}}}}, "created": "2026-03-30T20:55:32.804230+00:00", "title": "Server\u2011Side Request Forgery Allows Internal and Cloud Service Content Acquisition", "updated": "2026-03-31T20:40:42.324013+00:00", "vendors": ["crewai", "crewai$PRODUCT$crewai"], "weaknesses": ["CWE-918", "CWE-200"]}