VYPR

Twenty

by Twentyhq

Source repositories

CVEs (9)

  • CVE-2026-46624CriMay 26, 2026
    risk 0.57cvss 9.9epss 0.00

    Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute…

  • CVE-2026-44729HigMay 26, 2026
    risk 0.50cvss 8.7epss 0.00

    Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFolder/:id serve uploaded files using fileStream.pipe(res) without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers.…

  • CVE-2026-33975HigMay 5, 2026
    risk 0.47cvss epss 0.00

    Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6…

  • CVE-2024-11352MedDec 6, 2024
    risk 0.42cvss 6.4epss 0.00

    The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2026-35451MedApr 21, 2026
    risk 0.30cvss 5.7epss 0.00

    Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can…

  • CVE-2026-55583Jun 24, 2026
    risk 0.00cvss epss 0.00

    Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-ag…

  • CVE-2026-27023Mar 5, 2026
    risk 0.00cvss epss 0.00

    Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image…

  • CVE-2024-28434Mar 25, 2024
    risk 0.00cvss epss 0.01

    The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.

  • CVE-2024-28435Mar 25, 2024
    risk 0.00cvss epss 0.00

    The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.