Twenty CRM RCE via SQL Injection and PostgreSQL COPY TO PROGRAM

github.com 2026-05-27翻訳準備中…中国語で表示中中国語 →English →

Security AdvisoryCriticalTwenty

Affected:

Twenty CRM v1.7.7
Twenty CRM v1.6.7

Fixed in:

1.16.7

参照 CVE: CVE-2026-46624 · 9.9

文章内图片已隐藏以节省流量 · 升级 Pro 后可见图片及离线存档

本文由本平台从 github.com 自动抓取，经 LLM 流水线清洗、双语翻译。版权归原作者。查看原文。

このソースからの他の記事

Pre-auth path traversal in Nezhah Agent leaks JWT secret via /dashboard prefix confusion 2026-06-13 BookCars v0.3 Pre-Auth JWT Verification Bypass Vulnerability 2026-06-13 AgentChat Information Disclosure: API Returns Saltless Password Hashes in /api/v1/user/info and Remediation 2026-06-13 BookCars v6.3 Unrestricted File Upload Leading to Stored XSS via /api/create-license 2026-06-13 BookCars v6.3 Privilege Escalation via Broken Object Level Authorization (BOLA) 2026-06-13

离线存档

离线截图 & PDF 为 Pro 专属