Critical severity9.9NVD Advisory· Published Apr 14, 2026· Updated Apr 17, 2026
CVE-2026-38526
CVE-2026-38526
Description
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 2.2.x
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.