CVE-2026-3264 | go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 Administrative Interface redirect

A vulnerability, which was classified as critical, was found in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect.

This vulnerability is handled as CVE-2026-3264. The attack can be executed remotely. Additionally, an exploit exists.

This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3264 | go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1 Administrative Interface redirect

Post correlati

CVE-2024-2324 | FileOrganizer Plugin/FileOrganizer Pro Plugin up to 1.0.6 on WordPress cross site scripting

CVE-2024-25443 | Hugin 2022.0.0 Image linkWith use after free

CVE-2025-10659 | MegaSys Telenium Online Web Application up to 8.4.21 PHP Endpoint os command injection (icsa-25-273-01)

CVE-2024-43595 | Microsoft Edge up to 129.0.2792.52 buffer over-read