CVE-2026-33659 | EspoCRM up to 9.3.3 fromImageUrl dns_get_record server-side request forgery

Inserito da Angelo Barbosa | Apr 13, 2026 | CVE

A vulnerability was found in EspoCRM up to 9.3.3. It has been classified as critical. Affected by this issue is the function dns_get_record of the file /api/v1/Attachment/fromImageUrl. The manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-33659. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-33659 | EspoCRM up to 9.3.3 fromImageUrl dns_get_record server-side request forgery

Post correlati

CVE-2025-7577 | Teledyne FLIR FB-Series O/FLIR FH-Series ID 1.3.2.16 hard-coded password

CVE-2024-13212 | SingMR HouseRent 1.0 AddHouseController.java singleUpload/upload file unrestricted upload

CVE-2025-5270 | Mozilla Firefox up to 138 cleartext transmission

CVE-2024-10526 | Rapid7 Velociraptor up to 0.73.2 MSI Installer file access