Known Vulnerabilities for Twenty by Twentyhq
Listed below are 5 of the newest known vulnerabilities associated with "Twenty" by "Twentyhq".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46624 | Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twent... | Not Provided | 2026-05-26 | 2026-05-26 |
| CVE-2026-44729 | Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFold... | Not Provided | 2026-05-26 | 2026-05-27 |
| CVE-2026-35451 | Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote edit... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-33975 | Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-serve... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2023-5162 | The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortco... | Not Provided | 2023-09-27 | 2026-04-08 |