{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-38529/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-38529"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["bola","cve-2026-38529","krayin-crm","account-takeover"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-38529 describes a Broken Object-Level Authorization (BOLA) vulnerability affecting Webkul Krayin CRM version 2.2.x. The vulnerability resides in the \u003ccode\u003e/Settings/UserController.php\u003c/code\u003e endpoint. An authenticated attacker can exploit this flaw by sending a crafted HTTP request. Successful exploitation allows the attacker to arbitrarily reset the passwords of other users, leading to complete account takeover. Given the potential for widespread compromise and data breaches, this vulnerability poses a critical risk to organizations using the affected Krayin CRM version.\nPublic information regarding exploitation is available on GitHub.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the Krayin CRM application with valid credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/Settings/UserController.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request is designed to reset the password of a target user, specifying the target user\u0026rsquo;s ID.\u003c/li\u003e\n\u003cli\u003eDue to the BOLA vulnerability, the application fails to properly validate if the authenticated user has the authorization to modify the target user\u0026rsquo;s password.\u003c/li\u003e\n\u003cli\u003eThe application resets the target user\u0026rsquo;s password using the attacker-supplied data.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the new password to log in to the target user\u0026rsquo;s account.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control over the target user\u0026rsquo;s account and data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-38529 allows attackers to compromise user accounts within a Webkul Krayin CRM v2.2.x instance. This can lead to unauthorized access to sensitive customer data, business records, and other confidential information. A successful attack could result in data breaches, financial loss, reputational damage, and legal liabilities.\nGiven the potential for complete account takeover, the impact is considered critical for organizations using the vulnerable CRM.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a secure version of Krayin CRM that addresses CVE-2026-38529 as soon as it becomes available.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect Krayin CRM Password Reset via UserController\u003c/code\u003e to detect exploitation attempts targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eReview and enforce strict access control policies within the Krayin CRM application to prevent unauthorized modification of user accounts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting the \u003ccode\u003e/Settings/UserController.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eEnable web server logging to capture detailed information about HTTP requests, including request parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-14T16:16:43Z","date_published":"2026-04-14T16:16:43Z","id":"/briefs/2026-04-krayin-bola/","summary":"CVE-2026-38529 is a Broken Object-Level Authorization (BOLA) vulnerability in Webkul Krayin CRM v2.2.x that allows authenticated attackers to reset user passwords and take over accounts.","title":"Webkul Krayin CRM BOLA Vulnerability (CVE-2026-38529)","url":"https://feed.craftedsignal.io/briefs/2026-04-krayin-bola/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-38529","version":"https://jsonfeed.org/version/1.1"}