CVE-2026-38527

Published April 14th, 2026

View on NVD ↗

CVSS v3

8.5

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

krayin/laravel-crm

Free & Opensource Laravel CRM solution for SMEs and Enterprises for complete customer lifecycle management.

GitHub

22.7K

TREXNEGRO/Security-Advisories

GitHub