CVE-2026-33659 | EspoCRM up to 9.3.3 fromImageUrl dns_get_record server-side request forgery

Inserito da Angelo Barbosa | Apr 13, 2026 | CVE

A vulnerability was found in EspoCRM up to 9.3.3. It has been classified as critical. Affected by this issue is the function dns_get_record of the file /api/v1/Attachment/fromImageUrl. The manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-33659. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-33659 | EspoCRM up to 9.3.3 fromImageUrl dns_get_record server-side request forgery

Post correlati

CVE-2023-46808 | Ivanti ITSM 2023.1/2023.2/2023.3 unrestricted upload (ID 000091277)

CVE-2024-20118 | MediaTek MT8792 Mms write-what-where condition (MSV-1621 / ALPS09062392)

CVE-2023-46456 | GL.iNet GL-AR300M up to 3.216 OpenVPN Client File Upload os command injection

CVE-2024-23904 | Log Command Plugin up to 1.0.2 on Jenkins args4j command path traversal