CVE-2026-33740

EPSS 0.02%
Veröffentlicht 13.04.2026 20:37:28
Zuletzt bearbeitet 17.04.2026 15:26:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from the repository without verifying that the current user has authorization to access it. Any authenticated user with Email:create and Import permissions can exploit this to read another user's .eml attachment contents by importing them as a new email into the attacker's mailbox, while the original victim attachment record is deleted as a side effect of the import flow. This is inconsistent with the standard attachment download path, which enforces ACL checks before returning file data, and is practically exploitable because attachment IDs are commonly exposed in normal UI and API workflows such as stream payloads and download links. This issue is fixed in version 9.3.4.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerespocrm

≫

Produkt espocrm

Version < 9.3.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/espocrm/espocrm/releases/tag/9.3.4

https://github.com/espocrm/espocrm/security/advisories/GHSA-wr7j-hxf8-hc4w

https://github.com/espocrm/espocrm/commit/88e3ba6a7b5cab5dbc2298e2a093d3aa383aa95f

https://nvd.nist.gov/vuln/detail/CVE-2026-33740

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33740

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33740

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33740