CVE-2026-38526
Published
CVSS v3
9.9
CRITICAL
CVSS v2
N/A
Affected
2
PROJECTS
Description
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.
Free & Opensource Laravel CRM solution for SMEs and Enterprises for complete customer lifecycle management.
GitHub