All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-51947
CRITICALpublished 2026-07-01 19:16 UTC · 3 days ago · modified 2026-07-02 17:47 UTC
9.8
CVSS / 10
// description
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.
// weaknesses (CWE)
- CWE-502