Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

espocrm — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting espocrm. AI-powered Chinese analysis, POCs, and references for each vulnerability.

EspoCRM serves as a customer relationship management platform for sales, marketing, and service operations. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control flaws. The platform's 18 recorded CVEs highlight recurring issues in its API and file handling components. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous patch management and security hardening. Organizations implementing EspoCRM should prioritize regular updates and implement least privilege configurations to mitigate potential exploitation risks.

Top products by espocrm: EspoCRM
HighCVE-2026-337332026-04-23
Admin TemplateManager path traversal allows arbitrary file read write and delete · Advisory · espocrm/espocrm · GitHub
CriticalCVE-2026-336562026-04-23
Authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user · Advisory · espoc
High2026-04-18
image url curl resolve · espocrm/espocrm@dca03cc · GitHub
Medium2026-04-18
Email importEml can import and delete another user's attachment by raw fileId · Advisory · espocrm/espocrm · GitHub
High2026-04-18
fix impot eml attachment · espocrm/espocrm@88e3ba6 · GitHub
HighGHSA-6p34-7j5g-j2822026-04-18
SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access · Advisory · espocrm/espocrm ·
Medium2026-04-18
Stored HTML injection in email notifications about stream notes via Markdown allowing HTML markup · Advisory · espocrm/e
High2026-04-18
Authenticated SSRF via internal-host validation bypass using alternative IPv4 notation · Advisory · espocrm/espocrm · Gi

Showing up to 20 recent security advisories. View all →

This page lists every published CVE security advisory associated with espocrm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.