40 matches found
CVE-2026-35451
Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...
CVE-2026-46624
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
CVE-2026-44729
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
CVE-2026-46624
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
CVE-2026-44729
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
EUVD-2026-31907
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
CVE-2026-46624 Twenty: SQL Injection via the timeZone field
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
CVE-2026-46624 Twenty: SQL Injection via the timeZone field
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
CVE-2026-46624
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
CVE-2026-44729
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
CVE-2026-44729
Twenty CRM versions 1.18.0 and earlier expose file serving endpoints at /files/* and /file/:fileFolder/:id that serve uploaded files via fileStream.pipe(res) without Content-Type, Content-Disposition, or X-Content-Type-Options headers. An authenticated attacker can upload an HTML file containing ...
Twenty 安全漏洞
Twenty is an open-source CRM platform developed by Twenty. Versions 1.7.7 to 1.16.7 of Twenty contain security vulnerabilities. These vulnerabilities stem from SQL injection attacks via uncleaned timeZone parameters and PostgreSQL COPY TO PROGRAM attacks, which may allow authenticated users to...
PT-2026-43352
Name of the Vulnerable Software and Affected Versions Twenty CRM versions 1.7.7 through 1.16.7 Description A Remote Code Execution RCE issue exists via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If the Postgres user is a superuser, any authenticated user can execute arbitrary ...
CVE-2026-33975
Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...
CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization
Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...
Twenty 代码问题漏洞
Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the SSRF protection mechanism, which can be bypassed by IPv6 addresses mapped via IPv4. The Node.js URL parser standardizes IPv6...
CVE-2026-35451
CVE-2026-35451 affects the Twenty open source CRM, specifically the BlockNote editor. Before version 1.20.6 there is a Stored XSS in the FileBlock component: an attacker can inject a javascript: URI into the url property of a file block due to lack of protocol validation and insufficient server-s...
CVE-2026-27023
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...