All 5 CVE vulnerabilities found in WukongCRM, with AI-generated Chinese analysis, references, and POCs.
Vendor: WuKongOpenSource
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2141 | WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization CWE-285 | 6.3 | Medium | 2026-02-08 |
| CVE-2025-8852 | WuKongOpenSource WukongCRM API Response upload information exposure CWE-209 | 4.3 | Medium | 2025-08-11 |
| CVE-2025-6106 | WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery CWE-352 | 4.3 | Medium | 2025-06-16 |
| CVE-2025-5879 | WuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting CWE-79 | 3.5 | Low | 2025-06-09 |
| CVE-2025-5521 | WuKongOpenSource WukongCRM updataPassword cross-site request forgery CWE-352 | 4.3 | Medium | 2025-06-03 |
All 5 known CVE vulnerabilities affecting WukongCRM with full Chinese analysis, references, and POCs where available.