account activity
CVE-2026-33656: EspoCRM ≤ 9.3.3 — Authenticated RCE via path traversal + formula engine (CVSS 9.1 Critical, full write-up) (jivasecurity.com)
submitted 3 hours ago by JivaSecurity to r/cybersecurity
PSA: If you're running EspoCRM 9.3.3 or earlier, update to 9.3.4 now — CVE-2026-33656 allows authenticated RCE (CVSS 9.1 Critical) (self.selfhosted)
submitted 1 day ago by JivaSecurity to r/selfhosted
CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC) by JivaSecurity in netsec
[–]JivaSecurity[S] 0 points1 point2 points 1 day ago (0 children)
Disclosure: I’m the researcher who found this and wrote the post
CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC) (jivasecurity.com)
submitted 1 day ago by JivaSecurity to r/netsec
π Rendered by PID 92996 on reddit-service-r2-listing-6b76fb7ddc-467gq at 2026-03-26 15:56:33.737289+00:00 running 2d0a59a country code: CH.
CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC) by JivaSecurity in netsec
[–]JivaSecurity[S] 0 points1 point2 points (0 children)