Back to CVE List

CVE-2026-61460

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CRM records and reassign ownership by exploiting missing record-level ownership validation in edit, update, and destroy methods.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-639
Source
NVD
Vendor
krayin
Product
laravel-crm

External References

Discussion (0)

Add Comment

No comments yet. Be the first!