Vendor
Vtiger CRM versions up to and including 8.4.0 are vulnerable to authenticated remote code execution (CVE-2026-23698), allowing administrator-level attackers to upload malicious PHP web shells via the ModuleManager import function, bypassing authentication and leading to persistent system compromise.