CVE-2026-51947
Severity: Critical (CVSS 9.8)
Exploitation Probability (EPSS): Low risk, 43rd percentile (higher than 43% of all known CVEs)
Summary
A vulnerability in Pivotal CRM 6.6.4.08 and systems with patch ghi-15381-cwe-502-20251225.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. This issue exists due to an incomplete fix for CVE-2026-39253.
Risk Assessment
An attacker can remotely take over the CRM system, compromising the confidentiality, integrity, and availability of organizational data.
Recommendation
Immediately upgrade Pivotal CRM to version 6.6.5.10 or apply Patch_CWE502_20260316.zip.
Original NVD description (English source)
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.

