Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/06/24 7:21 p.m.17 views

CVE-2026-55583 Twenty: Cross-workspace IDOR in AgentTurnResolver

Twenty is an open-source CRM customer relationship management platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference IDOR in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...

7.6CVSS0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.12 views

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 7:19 p.m.44 views

CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:19 p.m.8 views

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/05 7:19 p.m.18 views

CVE-2026-33975

CVE-2026-33975 affects Twenty-server SSRF protection in Twenty (NestJS) and can be bypassed in versions ≤ 1.18.0 by using IPv4-mapped IPv6 literals. The Node.js URL parser normalizes these to hex form (for example ::ffff:169.254.169.254 to ::ffff:a9fe:a9fe), while the isPrivateIp utility only rec...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Rows per page
Query Builder