CVE-2026-38527: A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attac

Description

A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

Affected Products

Vendor	Product	Versions
webkul	krayin crm	n/a

References

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-38527 | Krayin CRM 2.2.x POST create server-side request forgery

→ No new info (linked only)

CVSS 3.18.5 HIGH

VectorCVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-918

PublishedApr 14, 2026

Last enriched15h agov2

Trending Score41

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 15h ago

v2Tier C23h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v11d ago

Initial creation

CVE-2026-38527: A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attac

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History