top of page
perceptive_background_267k.jpg

An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.

Published:

1 March 2026 at 23:00:00

Alert date:

2 March 2026 at 18:02:45

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications, Web Technologies

A critical remote code execution vulnerability has been identified in Twenty CRM version 1.15.0 and earlier versions. The vulnerability exists in the local.driver.ts module and allows remote attackers to execute arbitrary code on affected systems. This represents a high-severity security flaw that could enable complete system compromise. The vulnerability affects all versions up to and including v1.15.0 of the Twenty CRM application. Proof-of-concept code and detailed analysis have been published, increasing the risk of exploitation.

Technical details

Mitigation steps:

Affected products:

Twenty CRM

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-26720
https://dillonkirsch.com/post/locally_hosted_twenty_rce_cve_2026_26720/
https://github.com/dillonkirsch/CVE-2026-26720-Twenty-RCE
https://twenty.com

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page