Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Jetpack CRM allows hackers to access sensitive files
CVE-2026-22356
Summary
A vulnerability in Jetpack CRM allows unauthorized access to sensitive files on the server, which could lead to data exposure or other security issues. This affects Jetpack CRM versions up to 6.7.0. Update to the latest version to fix the issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issu...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0.
nvd CVSS3.1
7.5
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026