Browse all 4 CVE security advisories affecting CrewAI. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CrewAI is an open-source framework for orchestrating autonomous multi-agent AI systems, primarily used for complex collaborative tasks. Historically, CrewAI has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure deserialization. The project has recorded four CVEs to date, including critical flaws that could allow attackers to execute arbitrary code or escalate privileges. While no major public security incidents have been widely reported, the presence of multiple RCE vulnerabilities in its relatively short history indicates potential risks for organizations deploying CrewAI in production environments without proper hardening and monitoring.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2285 | CVE-2026-2285 — CrewAI | 7.5 | - | 2026-03-30 |
| CVE-2026-2286 | CVE-2026-2286 — CrewAI | 8.2 | - | 2026-03-30 |
| CVE-2026-2287 | CVE-2026-2287 — CrewAI | 9.8 | - | 2026-03-30 |
| CVE-2026-2275 | CVE-2026-2275 — CrewAI | 9.8 | - | 2026-03-30 |
This page lists every published CVE security advisory associated with CrewAI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.