Webkul Krayin CRM: Critical Auth Flaw Lets Attackers Steal Leads

/HIGH
SCW vulnerabilitycvehigh-severity
Webkul Krayin CRM: Critical Auth Flaw Lets Attackers Steal Leads

A serious Broken Object-Level Authorization (BOLA) vulnerability has been identified in Webkul Krayin CRM, version 2.2.x. According to the National Vulnerability Database, this flaw resides within the /Controllers/Lead/LeadController.php endpoint.

Exploiting this vulnerability requires authenticated access, but once inside, attackers can leverage a crafted GET request to arbitrarily read, modify, or permanently delete lead data belonging to other users within the CRM. The National Vulnerability Database assigns this vulnerability a CVSS score of 8.1, classifying it as HIGH severity.

The details, as shared by the National Vulnerability Database, highlight the potential for significant data compromise and disruption. Given the nature of CRM systems, this could impact sales pipelines, customer relationships, and sensitive business intelligence.

Related ATT&CK Techniques

T1084 Access Token Manipulation Privilege Escalation T1110.001 Password Guessing Credential Access T1078.004 Web Services Initial Access

🛡️ Detection Rules

2 rules · 5 SIEM formats

2 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

high T1078.004 Initial Access

Credential Abuse from Breached Vendor — CVE-2026-38530

Sigma Splunk SPL Sentinel KQL Elastic QRadar AQL

Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.

2 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get Detection Rules →

Indicators of Compromise

IDTypeIndicator
CVE-2026-38530 Broken Object-Level Authorization Webkul Krayin CRM v2.2.x
CVE-2026-38530 Broken Object-Level Authorization /Controllers/Lead/LeadController.php endpoint
CVE-2026-38530 Broken Object-Level Authorization Arbitrary read, modify, and delete of leads via crafted GET request

By Shimi's Cyber World Editorial

Related Posts

Critical RCE Flaw Hits NuGet Gallery Backend

CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-20cwe-22
/CRITICAL /⚑ 4 IOCs

BoidCMS LFI to RCE: A Critical Template Flaw

CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...

vulnerabilityCVEhigh-severityremote-code-executioncwe-98
/HIGH /⚑ 4 IOCs

Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk

CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...

vulnerabilityCVEhigh-severitycwe-1385
/HIGH /⚑ 5 IOCs