Webkul Krayin CRM v2.2.x Internal Resource Exposure via Malicious Webhooks

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.5

Webkul Krayin CRM v2.2.x Internal Resource Exposure via Malicious Webhooks

CVE-2026-38527

Summary

A security issue in Webkul Krayin CRM v2.2.x allows attackers to potentially access sensitive internal resources. This is a concern because it could lead to unauthorized access to your company's internal systems. To protect your data, update to a fixed version of the software or implement additional security measures to block malicious requests.

Original title

A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

Original description

A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

nvd CVSS3.1 8.5

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026