Known Vulnerabilities for EspoCRM by EspoCRM
Listed below are 10 of the newest known vulnerabilities associated with "EspoCRM" by "EspoCRM".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41160 json | EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access ... | Not Provided | 2026-05-28 | 2026-05-28 |
| CVE-2026-41141 json | EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/pr... | Not Provided | 2026-05-28 | 2026-05-28 |
| CVE-2026-33741 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to... | Not Provided | 2026-05-19 | 2026-05-19 |
| CVE-2026-33740 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/i... | Not Provided | 2026-04-13 | 2026-04-14 |
| CVE-2026-33733 json | EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management... | Not Provided | 2026-04-22 | 2026-04-23 |
| CVE-2026-33659 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachm... | Not Provided | 2026-04-13 | 2026-04-14 |
| CVE-2026-33657 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2026-33656 json | EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula sc... | Not Provided | 2026-04-22 | 2026-04-23 |
| CVE-2026-33534 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server... | Not Provided | 2026-04-13 | 2026-04-14 |
| CVE-2023-5966 json | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the ext... | Not Provided | 2023-11-30 | 2026-04-20 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Espocrm | Espocrm | 5.6.9 | |||
| Application | Espocrm | Espocrm | 5.6.8 | |||
| Application | Espocrm | Espocrm | 5.6.7 | |||
| Application | Espocrm | Espocrm | 5.6.6 | |||
| Application | Espocrm | Espocrm | 5.6.5 | |||
| Application | Espocrm | Espocrm | 5.6.4 | |||
| Application | Espocrm | Espocrm | 5.6.3 | |||
| Application | Espocrm | Espocrm | 5.6.2 | |||
| Application | Espocrm | Espocrm | 5.6.10 | |||
| Application | Espocrm | Espocrm | 5.6.1 | |||
| Application | Espocrm | Espocrm | 5.6.0 | |||
| Application | Espocrm | Espocrm | 5.5.6 | |||
| Application | Espocrm | Espocrm | 5.5.5 | |||
| Application | Espocrm | Espocrm | 5.5.4 | |||
| Application | Espocrm | Espocrm | 5.5.3 | |||
| Application | Espocrm | Espocrm | 5.5.2 | |||
| Application | Espocrm | Espocrm | 5.5.1 | |||
| Application | Espocrm | Espocrm | 5.5.0 | |||
| Application | Espocrm | Espocrm | 5.4.5 | |||
| Application | Espocrm | Espocrm | 5.4.4 |