CVE-2026-3265

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions go2ismail Free-CRM versions prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1

Description A flaw exists in go2ismail Free-CRM. This issue impacts an unknown part of the /api/Security/ file within the Security API component, potentially leading to improper authorization. The attack can be carried out remotely, and a public exploit is available. The product utilizes a rolling release strategy, making specific version details for affected or updated releases unavailable. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Update to a version prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1.

Exploit

Fix

Incorrect Privilege Assignment

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-285

Related Identifiers

CVE-2026-3265

Affected Products

Go2Ismail Free-Crm

CVE-2026-3265

Weakness Enumeration

Related Identifiers

Affected Products

References · 8