CVE Catalog

CVE-2026-51947

Critical · CVSS 9.8

Exploitation Probability (EPSS)

Low risk
0.57%

43rd percentile — higher than 43% of all known CVEs

Summary

A vulnerability in Pivotal CRM 6.6.4.08 and systems with patch ghi-15381-cwe-502-20251225.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. This issue exists due to an incomplete fix for CVE-2026-39253.

Risk Assessment

An attacker can remotely take over the CRM system, compromising the confidentiality, integrity, and availability of organizational data.

Recommendation

Immediately upgrade Pivotal CRM to version 6.6.5.10 or apply Patch_CWE502_20260316.zip.

Original NVD description (English source)

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS