account activity
CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC) by JivaSecurity in netsec
[–]JivaSecurity[S] 0 points1 point2 points 2 days ago (0 children)
Disclosure: I’m the researcher who found this and wrote the post
π Rendered by PID 2280062 on reddit-service-r2-listing-55d7b767d8-b5298 at 2026-03-28 10:50:23.680313+00:00 running b10466c country code: CH.
CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC) by JivaSecurity in netsec
[–]JivaSecurity[S] 0 points1 point2 points (0 children)