CVE-2026-51947
Received
Received - Intake
Deserialization Vulnerability in Pivotal CRM
Publication date: 2026-07-01
Last updated on: 2026-07-01
Assigner: MITRE
Description
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pivotal | pivotal_crm | 6.6.4.08 |
| pivotal | pivotal_crm | 6.6.5.10 |
| pivotal | pivotal_crm | From 6.6.5.10 (inc) |
| pivotal | pivotal_crm | to 6.6.5.10 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |