5.0
Twenty CRM: Unauthorized Access to Internal Network
CVE-2026-27023
Summary
An authenticated Twenty user who can set an outbound URL (a webhook endpoint or an image URL) could make the Twenty server fetch internal addresses: the public URL passes the SSRF check, then redirects to a private IP that is never checked. This matters if your Twenty CRM host can reach sensitive internal systems such as databases, admin interfaces or cloud metadata endpoints. Update to version 1.18 or later.
What to do
Update to version 1.18 or later, which validates redirect targets in SecureHttpClientService. Until you can update, limit which users may configure webhook endpoints and image URLs, and do not let the Twenty host reach internal services it does not need.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| twenty | twenty | < 1.18.0 | 1.18.0 |
Original description
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass private IP blocking by redirecting through an attacker-controlled server. This issue has been patched in version 1.18.
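The flaw described above is a pattern, not a Twenty-specific bug: a client validates the first URL, then hands the request to an HTTP library that follows redirects on its own, so a `Location` header pointing at a private address is never checked. The following added example (my own code, not Twenty's SecureHttpClientService) shows the vulnerable shape beside the fixed one. It runs offline against a constructed fake DNS table and fake web server; the hostnames `attacker.example` and the IP `93.184.216.34` are stand-ins and not taken from the advisory.

```python
"""SSRF guard that validates every redirect hop, not only the first URL.

Added example, not Twenty's code. Everything under "fixture" is constructed
so the demo runs without a network.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, NamedTuple, Tuple
from urllib.parse import urljoin, urlparse


class Blocked(Exception):
    """Raised when a URL would reach a non-public address."""


class Response(NamedTuple):
    status: int
    headers: Dict[str, str]
    body: bytes


# transport(url, follow_redirects) -> Response ; resolver(hostname) -> [ip, ...]
Transport = Callable[[str, bool], Response]
Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Real resolver: every A/AAAA answer for the host (makes a network call)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def assert_public_url(url: str, resolver: Resolver) -> None:
    """Reject non-http(s) URLs, userinfo, and hosts resolving to any non-global IP."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise Blocked(f"unsupported URL: {url}")
    if parts.username or parts.password:
        raise Blocked(f"userinfo not allowed: {url}")
    for ip in resolver(parts.hostname):
        addr = ipaddress.ip_address(ip)
        mapped = getattr(addr, "ipv4_mapped", None)   # ::ffff:10.0.0.1 -> 10.0.0.1
        if mapped is not None:
            addr = mapped
        if not addr.is_global:   # loopback, RFC1918, link-local, reserved, ...
            raise Blocked(f"{parts.hostname} resolves to non-public {addr}")


def naive_fetch(url: str, transport: Transport, resolver: Resolver) -> Response:
    """Vulnerable pattern: check the URL once, let the library follow redirects."""
    assert_public_url(url, resolver)
    return transport(url, True)


def secure_fetch(url: str, transport: Transport, resolver: Resolver,
                 max_redirects: int = 5) -> Response:
    """Fixed pattern: automatic redirects off, each hop re-validated."""
    for _ in range(max_redirects + 1):
        assert_public_url(url, resolver)
        resp = transport(url, False)
        location = resp.headers.get("Location")
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            return resp
        url = urljoin(url, location)   # relative Location resolves against current URL
    raise Blocked("too many redirects")


# ---- fixture (constructed; stands in for DNS and for an HTTP client) ----
FAKE_DNS = {"attacker.example": ["93.184.216.34"]}   # stand-in public IP
FAKE_WEB = {
    # attacker's public endpoint answers with a redirect into the cloud metadata range
    "https://attacker.example/hook": Response(
        302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": Response(200, {}, b"ami-id\ninstance-id\n"),
    "https://attacker.example/ok": Response(200, {}, b"pong"),
}


def fake_resolver(host: str) -> List[str]:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    ipaddress.ip_address(host)   # IP literals resolve to themselves, as getaddrinfo does
    return [host]


def fake_transport(url: str, follow_redirects: bool) -> Response:
    """With follow_redirects=True it chases Location blindly, like a real client library."""
    resp = FAKE_WEB[url]
    if follow_redirects and "Location" in resp.headers:
        return fake_transport(urljoin(url, resp.headers["Location"]), True)
    return resp


def demo() -> Tuple[bytes, str]:
    """Returns (body the naive client leaked, reason the secure client refused)."""
    leaked = naive_fetch("https://attacker.example/hook", fake_transport, fake_resolver).body
    try:
        secure_fetch("https://attacker.example/hook", fake_transport, fake_resolver)
        refused = ""
    except Blocked as exc:
        refused = str(exc)
    return leaked, refused


if __name__ == "__main__":
    print(demo())
```

Two caveats for anyone porting this. Checking `is_global` rather than a hand-written private-range list also rejects carrier-grade NAT, the TEST-NET blocks and IPv4-mapped IPv6 forms that blocklists commonly miss. And resolving the name in the validator while the HTTP library resolves it again on connect leaves a DNS-rebinding window; a production client should connect to the address it validated (pinning the IP and sending the original Host/SNI) or perform the check inside the connection hook.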
NVD CVSS 3.1
5.0
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 5 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026