{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2286", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-10T14:42:04.145Z", "datePublished": "2026-03-30T15:51:25.512Z", "dateUpdated": "2026-04-01T18:46:31.096Z"}, "containers": {"cna": {"title": "CVE-2026-2286", "descriptions": [{"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"engine": "VINCE 3.0.34", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2286"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:51:25.512Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:46:13.729437Z", "id": "CVE-2026-2286", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:46:31.096Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2286", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:46:13.729437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:46:26.955Z"}}], "cna": {"title": "CVE-2026-2286", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "CrewAI", "product": "CrewAI", "versions": [{"status": "affected", "version": "1.0"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/221883"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.34", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2286"}, "descriptions": [{"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-30T15:51:25.512Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2286", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:46:31.096Z", "dateReserved": "2026-02-10T14:42:04.145Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-30T15:51:25.512Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crewai:crewai:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DC9BCCB-78E5-4D50-9EAD-6F54EB4E3153", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."}, {"lang": "es", "value": "CrewAI contiene una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor que permite la adquisici\u00f3n de contenido de servicios internos y en la nube, facilitada por las herramientas de b\u00fasqueda RAG que no validan correctamente las URL proporcionadas en tiempo de ejecuci\u00f3n."}], "id": "CVE-2026-2286", "lastModified": "2026-04-15T13:36:46.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.777", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.kb.cert.org/vuls/id/221883"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CrewAI", "source": "cna", "vendor": "CrewAI"}, "product": "crewai", "vendor": "crewai"}], "analysis": {"en": {"generated_at": "2026-04-06T19:29:42.176622+00:00", "value": {"mitigation_remediation": ["Check for and apply any available patch or update from CrewAI.", "If an update is not available, disable or remove the RAG search functionality to prevent arbitrary URL requests.", "As a temporary safeguard, restrict outbound HTTP requests from the CrewAI server using firewall rules or network segmentation to isolate internal resources."], "summary": {"action": "Assess Impact", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The vulnerable product is CrewAI, version\u202f1.0. No other affected versions are listed.", "description_and_impact": "CrewAI's RAG search tools allow attackers to supply arbitrary URLs without proper, resulting in a server\u2011side request forgery that can fetch internal or cloud\u2011hosted content. This vulnerability, classified as CWE\u2011918, permits unauthorized data exposure and could expose sensitive internal resources to attackers.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a high severity, but the EPSS score is below 1%, suggesting a low likelihood of widespread exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Attackers can exploit the flaw remotely through the RAG search interface by submitting malicious URLs, leading to SSRF; the primary risk is data exfiltration from internal services."}}}}, "created": "2026-03-30T20:55:32.804230+00:00", "title": "Server\u2011Side Request Forgery via Unvalidated URLs in CrewAI RAG Search Tools", "updated": "2026-04-07T08:08:35.894014+00:00", "vendors": ["crewai", "crewai$PRODUCT$crewai"]}