PT-2026-34553 · Espocrm · Espocrm

High · yurikuzn · Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-33733

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.3.4

Description: The admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. This allows an authenticated admin to use path traversal sequences to escape the intended template directory and read, create, overwrite, or delete arbitrary files whose path resolves to a 'body.tpl' or 'subject.tpl', within the limits of the web application user's filesystem permissions.

Recommendations: Update to version 9.3.4.
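As an added illustration of the class of fix the advisory calls for (example code written for this page, not EspoCRM's own implementation), the unchecked path construction the description refers to next to a hardened version that allow-lists the scope and name values and re-checks containment after normalization; the template root, the root/scope/name/file layout and all function names are assumptions:

```python
import os
import re

# Added example, not EspoCRM's code: validating the (scope, name) values that
# the advisory says reach template path construction unchecked. The root
# directory, function names and the root/scope/name/file layout are assumptions.
TEMPLATE_ROOT = "/var/www/app/data/templates"  # assumed base directory
ALLOWED_FILES = {"body.tpl", "subject.tpl"}
# Allow-list of plain identifiers: no '.', '/', '\\', NUL or encoded bytes, so
# '..' segments and absolute paths never reach os.path.join in the first place.
IDENT_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")


def unsafe_template_path(scope, name, file):
    """Pre-fix pattern described in the advisory: values joined straight into
    the path. Note that os.path.join also discards the root if a value is absolute."""
    return os.path.join(TEMPLATE_ROOT, scope, name, file)


def escapes_root(path):
    """Does a constructed path resolve to a location outside TEMPLATE_ROOT?"""
    root = os.path.realpath(TEMPLATE_ROOT)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def safe_template_path(scope, name, file):
    """Hardened construction: allow-list each component, then confirm that the
    normalised result still lies inside the root (defence in depth)."""
    if file not in ALLOWED_FILES:
        raise ValueError("unexpected template file name")
    for component in (scope, name):
        if not IDENT_RE.fullmatch(component):
            raise ValueError("invalid template identifier: %r" % component)
    root = os.path.realpath(TEMPLATE_ROOT)
    candidate = os.path.realpath(os.path.join(root, scope, name, file))
    if candidate == root or escapes_root(candidate):
        raise ValueError("template path escapes the template root")
    return candidate


def is_valid_template_key(scope, name, file):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        safe_template_path(scope, name, file)
        return True
    except ValueError:
        return False
```

With constructed inputs, `unsafe_template_path("../../outside", "x", "body.tpl")` resolves outside the root while `safe_template_path` rejects the same values before any file access happens.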

Weakness Enumeration: Relative Path Traversal

Related Identifiers: CVE-2026-33733

Affected Products: Espocrm