CVE-2026-38527 HIGH

CVE-2026-38527

Vendor N/A
Product n/a
Published April 14, 2026
Last update April 14, 2026

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

What the vulnerability does

01Description

A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 14, 2026 Record updated