PatchSiren

krayin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH krayin CVE published 2026-07-10

CVE-2026-61460

CVE-2026-61460 is an insecure direct object reference vulnerability in Krayin CRM through 2.2.3. Authenticated users can edit, update, or delete records owned by other users due to missing record-level ownership validation in edit, update, and destroy methods. This vulnerability exists in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. Attackers can modif [truncated]