CVE-2026-51947
CRITICAL
Pivotal CRM 6.6.4.08 - Remote Code Execution via Pivotal.Engine.Client.Services.Conversion.dll
Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-51947. PoCs published by timtimxs.
AI-analyzed exploit summary: This repository contains a detailed technical analysis of CVE-2026-51947, a regression vulnerability in Pivotal CRM where an incomplete patch for CVE-2026-39253 left deserialization vulnerabilities intact due to misconfigured JSON.NET settings. The advisory includes code snippets, payload examples, and patch details.
Description
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H