Product
A critical server-side request forgery (SSRF) vulnerability, CVE-2026-62240, exists in the `validate_url` function of CrewAI versions prior to 1.15.1, allowing attackers to bypass security filters using URL redirects or DNS rebinding to access internal services and cloud metadata endpoints.