CVE-2026-2285: CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation
Summary
CrewAI's JSON loader tool opens whatever file path it is given without validating it, so an attacker who controls the path argument (for example through prompt input that an agent passes on to the tool) can read any file the CrewAI process itself can read. This is an arbitrary local file read: the tool enforces no allow-list of directories or files, so path traversal sequences, absolute paths and symlinks all resolve to files outside any intended data directory. Whether the target parses as JSON matters little, since the file contents are typically echoed back in the tool result or the parse error.
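The pattern behind this class of bug, as an added example that is not CrewAI's code: an unrestricted loader beside a hardened one that confines reads to a base directory. The function names, the `base_dir` parameter and the sandbox layout built by `demo()` are assumptions for illustration; the check itself (resolve the candidate path with symlinks followed, then require it to sit under the resolved base) is the general fix for traversal, absolute-path and symlink escapes.

```python
"""Added example, not CrewAI's own code: an unrestricted JSON loader beside a
hardened one that confines reads to an allow-listed base directory."""
import json
import os
import tempfile
from pathlib import Path


def load_json_unrestricted(path: str) -> dict:
    # Vulnerable pattern: the caller-supplied path goes straight to open(),
    # so any file readable by the process (credentials, keys, /etc/passwd)
    # can be pulled in. Even when json.load() fails, the file has already
    # been read and the error text usually leaks part of it.
    with open(path, "r", encoding="utf-8") as f:
        return json.load(f)


class PathOutsideSandbox(ValueError):
    """Raised when a requested path escapes the allowed directory."""


def resolve_inside(base_dir: str, user_path: str) -> Path:
    """Resolve user_path relative to base_dir and require the result to stay
    under base_dir after '..' collapsing and symlink resolution."""
    base = Path(base_dir).resolve(strict=True)
    # An absolute user_path replaces base in the join, so the containment
    # check below must run on the fully resolved candidate, not the input.
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathOutsideSandbox(f"{user_path!r} resolves outside {base}")
    return candidate


def load_json_confined(base_dir: str, user_path: str) -> dict:
    # Hardened loader (hypothetical helper): validate first, then open the
    # resolved path rather than the caller's string.
    target = resolve_inside(base_dir, user_path)
    if not target.is_file():
        raise FileNotFoundError(user_path)
    with target.open("r", encoding="utf-8") as f:
        return json.load(f)


def demo() -> dict:
    """Constructed scenario: a sandbox holding one legitimate file, plus a
    secret outside it that a confined loader must never reach."""
    root = tempfile.mkdtemp()
    sandbox = os.path.join(root, "data")
    os.mkdir(sandbox)
    secret = os.path.join(root, "secret.json")
    with open(secret, "w", encoding="utf-8") as f:
        json.dump({"api_key": "constructed-secret"}, f)
    with open(os.path.join(sandbox, "config.json"), "w", encoding="utf-8") as f:
        json.dump({"model": "demo"}, f)
    # Symlink inside the sandbox pointing at the secret outside it.
    os.symlink(secret, os.path.join(sandbox, "link.json"))

    results = {}
    # The unrestricted loader happily follows '..' out of the sandbox.
    results["unrestricted_traversal"] = load_json_unrestricted(
        os.path.join(sandbox, "../secret.json"))
    # The confined loader serves the legitimate file...
    results["confined_ok"] = load_json_confined(sandbox, "config.json")
    # ...and blocks traversal, absolute paths and symlink escapes alike.
    attempts = [("traversal", "../secret.json"),
                ("absolute", secret),
                ("symlink", "link.json")]
    for name, p in attempts:
        try:
            load_json_confined(sandbox, p)
            results[name] = "read"
        except PathOutsideSandbox:
            results[name] = "blocked"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

A suffix check (`target.suffix == ".json"`) or an explicit allow-list of filenames tightens this further, but the containment check on the resolved path is the part that is missing in the vulnerable pattern; a check on the raw string (rejecting `..`, for instance) is not enough, because a symlink planted inside the sandbox escapes it without any traversal sequence.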
Vulnerability Details
EPSS: 0.0%
March 30, 2026
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-2285
First tracked: March 30, 2026 at 02:07 PM