Skip to content

CVE lookup

CVE-2026-23698

Pruva has a verified reproduction for CVE-2026-23698: Vtiger CRM through 8.4.0 allows authenticated admin users to achieve remote code execution by uploading a crafted module ZIP that places PHP files in the web-accessible modules/ directory.. The canonical evidence record is REPRO-2026-00273.

REPRO

REPRO-2026-00273

Package

Vtiger CRM · other

Severity

HIGH

Status

published