CRM Vulnerability Lets Attackers Steal and Delete User Contacts

/HIGH
SCW vulnerabilitycvehigh-severity
CRM Vulnerability Lets Attackers Steal and Delete User Contacts

A critical Broken Object-Level Authorization (BOLA) vulnerability has been identified in Webkul Krayin CRM version 2.2.x. According to the National Vulnerability Database, this flaw resides in the /Contact/Persons/PersonController.php endpoint. It allows authenticated attackers to gain unauthorized access to sensitive contact information.

The National Vulnerability Database reports that attackers can exploit this weakness by sending a specially crafted GET request. Successful exploitation grants them the ability to read, modify, and even permanently delete any contact record, regardless of who originally owns it within the CRM. This poses a significant risk to data integrity and user privacy within organizations relying on this software.

With a CVSS score of 8.1 (HIGH), this vulnerability demands immediate attention. The National Vulnerability Database highlights that the exploit requires only low privileges (PR:L) and no user interaction (UI:N), making it relatively easy for a malicious actor to leverage once they have authenticated access to the system.

Related ATT&CK Techniques

T1078.004 Abuse Elevated Privileges: Web Service Persistence T1190 Exploit Public-Facing Application Initial Access T1529 System Shutdown/Reboot Impact

🛡️ Detection Rules

5 rules · 5 SIEM formats

5 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

high T1078.004 Persistence

Credential Abuse from Breached Vendor — CVE-2026-38532

Sigma Splunk SPL Sentinel KQL Elastic QRadar AQL

Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.

5 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get Detection Rules →

Indicators of Compromise

IDTypeIndicator
CVE-2026-38532 Auth Bypass Webkul Krayin CRM v2.2.x
CVE-2026-38532 Broken Object-Level Authorization /Contact/Persons/PersonController.php endpoint
CVE-2026-38532 Information Disclosure Arbitrary read of other users' contacts
CVE-2026-38532 Privilege Escalation Arbitrary modify and delete of other users' contacts

By Shimi's Cyber World Editorial

Related Posts

Critical RCE Flaw Hits NuGet Gallery Backend

CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-20cwe-22
/CRITICAL /⚑ 4 IOCs

BoidCMS LFI to RCE: A Critical Template Flaw

CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...

vulnerabilityCVEhigh-severityremote-code-executioncwe-98
/HIGH /⚑ 4 IOCs

Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk

CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...

vulnerabilityCVEhigh-severitycwe-1385
/HIGH /⚑ 5 IOCs