{"vulnerability": "CVE-2026-38526", "sightings": [{"uuid": "9c7d21b8-a387-4142-9277-186480e8c762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mjhtg4gn2c2h", "content": "", "creation_timestamp": "2026-04-14T16:46:45.958546Z"}, {"uuid": "ec575ee1-5514-4821-8628-3c7dc6d440a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjhudxtjxx2r", "content": "", "creation_timestamp": "2026-04-14T17:03:26.821863Z"}, {"uuid": "ef8a52b1-e4ed-4919-b444-65b2945d8073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mjmwfyhrxj2y", "content": "", "creation_timestamp": "2026-04-16T17:23:41.277567Z"}, {"uuid": "2562eec5-841e-43cd-b298-49c2f4adc2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/84491", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a NathanHimself\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-16 18:51:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestricted PHP File Upload via TinyMCE\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-16T19:00:04.000000Z"}, {"uuid": "17504a81-4511-4d3b-b1f9-f4c1aabe19dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/zkN_d7DvYtAYIH-6hfGzMb7bnbX9u5N4FtNXH9OZZIH62cE", "content": "", "creation_timestamp": "2026-05-16T23:00:12.000000Z"}, {"uuid": "7929e417-4ddd-44b7-a4ea-3724d3feb79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/r_bAOSbZBMNQIGHLT7RjG5YNnJQWH0p2e4qQqYgmX_E8BDM", "content": "", "creation_timestamp": "2026-05-17T03:00:05.000000Z"}, {"uuid": "ca4f44c9-a608-42e9-9db9-3540179e5500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/92959", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-PoC-htb-nexus-\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Resolvdd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:57:08\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA PoC script for CVE-2026-38526, RCE via a file upload vulnerability in the /admin/tinymce/upload endpoint of webkul krayin 2.2.x\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:04.801677Z"}, {"uuid": "2c214e7d-369d-45d8-9c58-a89394efd124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/92972", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-PoC-htb-nexus\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Resolvdd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 12:35:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA PoC script for CVE-2026-38526, RCE via a file upload vulnerability in the /admin/tinymce/upload endpoint of webkul krayin 2.2.x\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:04.938797Z"}, {"uuid": "040b9a2b-5818-4f86-a98b-c06251c95977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/92539", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a b0nyo\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-08 15:57:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAutomated exploit for Krayin CRM \u2264 2.2.x.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:07.171153Z"}, {"uuid": "982137c5-b3b6-4586-b38e-7ee341040a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/92253", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-Exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a diamorphine666\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-06 21:31:18\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit for Authenticated Remote Code Execution (RCE) in Krayin CRM v2.2.x (CVE-2026-38526)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:10.879104Z"}, {"uuid": "5e9a50cf-eb0e-41c5-8f28-ed56b81dba34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/90476", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-POC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a pawpic\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-24 22:46:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nProof of Concept of CVE-2026-38526 in Krayin CRM &lt;= v2.2.x. Arbitrary File Upload leading to Remote Code Execution\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:19.258511Z"}, {"uuid": "71af15bb-35d9-4c13-ab4c-150533afd8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/92539", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a b0nyo\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-08 15:57:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAutomated exploit for Krayin CRM \u2264 2.2.x.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:10.400796Z"}, {"uuid": "2bb4a7b6-2542-4ba5-b3fe-7b1b313c00a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92959", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-PoC-htb-nexus-\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Resolvdd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:57:08\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA PoC script for CVE-2026-38526, RCE via a file upload vulnerability in the /admin/tinymce/upload endpoint of webkul krayin 2.2.x\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:08.090848Z"}, {"uuid": "d6265038-4611-4ff5-9d2e-7c4767ac7927", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92972", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-PoC-htb-nexus\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Resolvdd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 12:35:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA PoC script for CVE-2026-38526, RCE via a file upload vulnerability in the /admin/tinymce/upload endpoint of webkul krayin 2.2.x\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:07.958355Z"}, {"uuid": "07ac7ebd-3db2-4c2d-89d8-f6c18f9c1266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/92253", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-Exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a diamorphine666\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-06 21:31:18\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit for Authenticated Remote Code Execution (RCE) in Krayin CRM v2.2.x (CVE-2026-38526)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:19.356022Z"}, {"uuid": "f5d77375-71fe-46d5-aea0-32ac4d00e551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/90476", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-POC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a pawpic\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-24 22:46:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nProof of Concept of CVE-2026-38526 in Krayin CRM &lt;= v2.2.x. Arbitrary File Upload leading to Remote Code Execution\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:35.459990Z"}, {"uuid": "7643c095-21e4-4b2c-8297-1c1b2390c203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/116920930178836537", "content": "\u203c\ufe0fKrayin CRM v2.2.x Authenticated Remote Code Execution Exploit (CVE-2026-38526)\nPoC: https://github.com/CerberusMrXi/KrayinCRM-RCE-Exploit-CVE-2026-38526", "creation_timestamp": "2026-07-14T23:30:11.575338Z"}, {"uuid": "399be5ec-b4a2-4840-919f-181fbc7d5397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/90476", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-POC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a pawpic\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-24 22:46:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nProof of Concept of CVE-2026-38526 in Krayin CRM &lt;= v2.2.x. Arbitrary File Upload leading to Remote Code Execution\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:20.493087Z"}, {"uuid": "e4e50a35-35fb-48ed-b0a6-7717897260f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92253", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526-Exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a diamorphine666\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-06 21:31:18\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit for Authenticated Remote Code Execution (RCE) in Krayin CRM v2.2.x (CVE-2026-38526)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:30.889216Z"}, {"uuid": "352047f8-1dd8-48b8-9edb-3b68f67faa1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92539", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-38526\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a b0nyo\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-08 15:57:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAutomated exploit for Krayin CRM \u2264 2.2.x.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:33.186539Z"}, {"uuid": "09e9ded5-4e12-423d-a9eb-7c6d73885920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "https://t.me/GithubRedTeam/93294", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a KrayinCRM-RCE-Exploit-CVE-2026-38526\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a CerberusMrXi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-13 21:44:23\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-38526 exploit for Krayin CRM v2.2.x - Authenticated RCE via TinyMCE file upload bypass. Features interactive shell, multi-type payloads, auto shell generation, and verification. Author: Sudeepa Wanigarathna. For authorized testing only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:07.089869Z"}, {"uuid": "640baf7f-991a-477a-9759-4a2c1bc863c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/rzOfTwe8eB9ybJEZYSRkYBDnZgFIVqc_go-qqwc6_jvGBRs", "content": "", "creation_timestamp": "2026-07-16T19:00:08.187708Z"}, {"uuid": "437aeda9-8974-41cc-b89f-23a765122a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/ebH1a5NEotKwG91diqH39hoyWyfpt3aLkL269Yr45ItICbU", "content": "", "creation_timestamp": "2026-07-16T19:00:08.336211Z"}, {"uuid": "ca05beda-aed7-425f-820b-41b3c4b9b421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/acoq7B5kao02hcWMbTCcOql7Y5GDsmlcUhVROg4RXe2uE4I", "content": "", "creation_timestamp": "2026-07-16T19:00:09.999925Z"}, {"uuid": "1f362f14-129d-451b-8696-1a99932b08d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/WJgDEVvvwZT8TXY2pma_02HCN-ESFf4o1lNskkGLthlTjbc", "content": "", "creation_timestamp": "2026-07-16T19:00:16.331930Z"}, {"uuid": "fefe7eb7-9d90-4b2b-ad7d-4840fb517f25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/8xuhxObjAFcuRvwDX0OGu_8n65FVPMNoWE2rdDkez26ISk4", "content": "", "creation_timestamp": "2026-07-16T19:00:16.576011Z"}, {"uuid": "59ea6d5c-908e-4488-93b0-197e1b79c9b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/ANdWwAFkpLQfM-X2aYZEZtkv6K_eIQ1otZUE6tWGKBHzleA", "content": "", "creation_timestamp": "2026-07-16T19:00:20.209542Z"}, {"uuid": "fa9a1c10-a931-49dc-86f1-40b9131e8ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/Z_LovNj_LGg89Xdb85Ncg0gPVvljsBTAp4HPBtfrCi2Mibg", "content": "", "creation_timestamp": "2026-07-16T19:00:20.370235Z"}, {"uuid": "adbaf17d-da80-4a12-8a40-2a252fabd37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/NYIVWEz-EsB8ef7TazBMjtaMuwPshfSztf-SWjeg1CPetB0", "content": "", "creation_timestamp": "2026-07-16T19:00:11.836895Z"}, {"uuid": "4fb0feb3-481d-4e47-97a9-8812f6533a95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/VUu0fqQ7rcdyvOW-H7Wu47NspWJgobhVReaY3yiN0ecBUoE", "content": "", "creation_timestamp": "2026-07-16T19:00:11.881022Z"}, {"uuid": "7ce906a7-f6e2-4e1b-ad48-f7e850dcb091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/WeXF-6V6sncfxR6FjzkithcuE9XgHphFmPuJJRHtMkMDsoQ", "content": "", "creation_timestamp": "2026-07-16T19:00:20.173329Z"}, {"uuid": "2033c3f7-3102-4324-8aea-d3a63e1952ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/YXp3PmsKI-RtSlTiFx3LPWyL-Cii7iOu_xJp1uY-0uO5YWA", "content": "", "creation_timestamp": "2026-07-16T19:00:20.729390Z"}, {"uuid": "11f9eff3-e6c2-49cd-9aaf-336d0f2ee057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/acoq7B5kao02hcWMbTCcOql7Y5GDsmlcUhVROg4RXe2uE4I", "content": "", "creation_timestamp": "2026-07-17T00:00:08.262716Z"}, {"uuid": "e0cc4511-a990-40ff-a92b-c1f84a10dc2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/rzOfTwe8eB9ybJEZYSRkYBDnZgFIVqc_go-qqwc6_jvGBRs", "content": "", "creation_timestamp": "2026-07-17T00:00:08.965894Z"}, {"uuid": "86adb0cf-9c97-466b-a372-3068b56b89b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/ebH1a5NEotKwG91diqH39hoyWyfpt3aLkL269Yr45ItICbU", "content": "", "creation_timestamp": "2026-07-17T00:00:09.573565Z"}, {"uuid": "0972af2c-8af5-474c-8f73-32c17efa22b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/NYIVWEz-EsB8ef7TazBMjtaMuwPshfSztf-SWjeg1CPetB0", "content": "", "creation_timestamp": "2026-07-17T00:00:27.321931Z"}, {"uuid": "69b6a2c9-a1be-4d71-be17-19abf29e5e3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/WeXF-6V6sncfxR6FjzkithcuE9XgHphFmPuJJRHtMkMDsoQ", "content": "", "creation_timestamp": "2026-07-17T00:00:36.532564Z"}, {"uuid": "7ee1cd1e-9516-40cb-adc9-381463b8b6a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/VUu0fqQ7rcdyvOW-H7Wu47NspWJgobhVReaY3yiN0ecBUoE", "content": "", "creation_timestamp": "2026-07-17T00:00:27.365775Z"}, {"uuid": "0f47b9cf-ae47-4cf7-8a43-ed0c54759673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/WJgDEVvvwZT8TXY2pma_02HCN-ESFf4o1lNskkGLthlTjbc", "content": "", "creation_timestamp": "2026-07-17T00:00:31.791448Z"}, {"uuid": "7d1da3bf-c841-4c6d-98d9-bfc935cb32f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/8xuhxObjAFcuRvwDX0OGu_8n65FVPMNoWE2rdDkez26ISk4", "content": "", "creation_timestamp": "2026-07-17T00:00:32.020842Z"}, {"uuid": "79ffa645-60c9-4a11-95cd-9ac504659ca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/ANdWwAFkpLQfM-X2aYZEZtkv6K_eIQ1otZUE6tWGKBHzleA", "content": "", "creation_timestamp": "2026-07-17T00:00:36.581809Z"}, {"uuid": "6fe1e239-c1b6-426b-8040-0c30fd6534ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/Z_LovNj_LGg89Xdb85Ncg0gPVvljsBTAp4HPBtfrCi2Mibg", "content": "", "creation_timestamp": "2026-07-17T00:00:36.758635Z"}, {"uuid": "b3f1b5c0-c148-404d-9e93-ef3e3f768e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "seen", "source": "Telegram/YXp3PmsKI-RtSlTiFx3LPWyL-Cii7iOu_xJp1uY-0uO5YWA", "content": "", "creation_timestamp": "2026-07-17T00:00:37.133288Z"}, {"uuid": "6e39c640-c238-43af-8961-760ac00a2c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93294", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a KrayinCRM-RCE-Exploit-CVE-2026-38526\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a CerberusMrXi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-13 21:44:23\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-38526 exploit for Krayin CRM v2.2.x - Authenticated RCE via TinyMCE file upload bypass. Features interactive shell, multi-type payloads, auto shell generation, and verification. Author: Sudeepa Wanigarathna. For authorized testing only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T00:00:49.706435Z"}, {"uuid": "41f3f106-a3fd-4440-b025-bc72e6490557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/YXp3PmsKI-RtSlTiFx3LPWyL-Cii7iOu_xJp1uY-0uO5YWA", "content": "", "creation_timestamp": "2026-07-18T00:00:23.592577Z"}, {"uuid": "f286d5a6-8d7e-4ca2-8fa5-bd8c96308251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/WeXF-6V6sncfxR6FjzkithcuE9XgHphFmPuJJRHtMkMDsoQ", "content": "", "creation_timestamp": "2026-07-18T00:00:23.670088Z"}, {"uuid": "de8795e0-8d81-45b5-88d6-8bf293992c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/Z_LovNj_LGg89Xdb85Ncg0gPVvljsBTAp4HPBtfrCi2Mibg", "content": "", "creation_timestamp": "2026-07-18T00:00:23.920045Z"}, {"uuid": "a06358cb-7441-41dd-bbcd-7c2ba5f80d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/ANdWwAFkpLQfM-X2aYZEZtkv6K_eIQ1otZUE6tWGKBHzleA", "content": "", "creation_timestamp": "2026-07-18T00:00:24.023409Z"}, {"uuid": "86d49654-8723-4ab7-a9d2-49cb395ad81d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/8xuhxObjAFcuRvwDX0OGu_8n65FVPMNoWE2rdDkez26ISk4", "content": "", "creation_timestamp": "2026-07-18T00:00:33.898732Z"}, {"uuid": "7c46e5d1-4312-4e29-859d-dd8863a02df9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/NYIVWEz-EsB8ef7TazBMjtaMuwPshfSztf-SWjeg1CPetB0", "content": "", "creation_timestamp": "2026-07-18T00:00:44.859334Z"}, {"uuid": "8011c35b-7335-4420-be93-c62a137c0ea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/VUu0fqQ7rcdyvOW-H7Wu47NspWJgobhVReaY3yiN0ecBUoE", "content": "", "creation_timestamp": "2026-07-18T00:00:44.941395Z"}, {"uuid": "feee7077-18ff-4c42-aff2-275d8635a8e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-38526", "type": "published-proof-of-concept", "source": "Telegram/WJgDEVvvwZT8TXY2pma_02HCN-ESFf4o1lNskkGLthlTjbc", "content": "", "creation_timestamp": "2026-07-18T00:00:40.923907Z"}]}