CVE-2026-33740 | EspoCRM up to 9.3.3 Endpoint /api/v1/Email/importEml fileId authorization (GHSA-wr7j-hxf8-hc4w)

A vulnerability classified as critical has been found in EspoCRM up to 9.3.3. This issue affects some unknown processing of the file /api/v1/Email/importEml of the component Endpoint. The manipulation of the argument fileId leads to authorization bypass.

This vulnerability is documented as CVE-2026-33740. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More