All 5 CVE vulnerabilities found in chatwoot, with AI-generated Chinese analysis, references, and POCs.
Vendor: chatwoot
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5205 | chatwoot Webhook API trigger.rb Trigger server-side request forgery CWE-918 | 6.3 | Medium | 2026-03-31 |
| CVE-2026-4990 | chatwoot Signup Endpoint login improper authorization CWE-285 | 7.3 | High | 2026-03-27 |
| CVE-2025-12246 | chatwoot Admin IframeLoader.vue cross site scripting CWE-79 | 4.3 | Medium | 2025-10-27 |
| CVE-2025-12245 | chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation CWE-346 | 5.3 | Medium | 2025-10-27 |
| CVE-2025-21628 | Chatwoot has a Blind SQL-injection in Conversation and Contacts filters CWE-89 | 9.1 | Critical | 2025-01-09 |
All 5 known CVE vulnerabilities affecting chatwoot with full Chinese analysis, references, and POCs where available.