HIGH
krayin
CVE published 2026-07-10
CVE-2026-61460
CVE-2026-61460 is an insecure direct object reference vulnerability in Krayin CRM through 2.2.3. Authenticated users can edit, update, or delete records owned by other users due to missing record-level ownership validation in edit, update, and destroy methods. This vulnerability exists in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. Attackers can modif [truncated]