Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-2285

created 2 weeks, 5 days ago

CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

References

https://www.kb.cert.org/vuls/id/221883

Affected products

CrewAI

==1.0

Matching in nixpkgs

pkgs.crewai

Framework for orchestrating role-playing, autonomous AI agents

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 0.203.1
- nixos-25.11-small 0.203.1
- nixpkgs-25.11-darwin 0.203.1

pkgs.pkgsRocm.crewai

Framework for orchestrating role-playing, autonomous AI agents

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 0.203.1
- nixos-25.11-small 0.203.1
- nixpkgs-25.11-darwin 0.203.1

pkgs.python312Packages.crewai

Framework for orchestrating role-playing, autonomous AI agents

nixos-25.11 0.203.1
- nixos-25.11-small 0.203.1
- nixpkgs-25.11-darwin 0.203.1

pkgs.python313Packages.crewai

Framework for orchestrating role-playing, autonomous AI agents

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 0.203.1
- nixos-25.11-small 0.203.1
- nixpkgs-25.11-darwin 0.203.1

pkgs.python314Packages.crewai

Framework for orchestrating role-playing, autonomous AI agents

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0

pkgs.pkgsRocm.python3Packages.crewai

Framework for orchestrating role-playing, autonomous AI agents

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 0.203.1
- nixos-25.11-small 0.203.1
- nixpkgs-25.11-darwin 0.203.1

Package maintainers

@liberodark liberodark <liberodark@gmail.com>