Product
An Insecure Direct Object Reference (IDOR) vulnerability, CVE-2026-61460, in Krayin CRM through version 2.2.3 allows authenticated users to modify, update, or delete records owned by other users by exploiting missing record-level ownership validation in various controllers, leading to unauthorized data manipulation.