CVE-2026-36340

Daily digests

Krayin CRM v2.1.5 has a remote code execution bug in the compose email function. A remote attacker can run arbitrary code on your CRM server by exploiting this feature. The fix is in v2.1.6. Details are thin, but RCE in a CRM email function likely means a crafted email payload can break out of the application and hit the underlying OS.

• Daily Digest · May 1, 2026

  WordPress auth bypass, CVSS 9.8, no creds needed