CVE-2026-51947
CVE-2026-51947
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 0.6%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
01 Jul 2026Published on NVD
01 Jul 2026Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
githubgithub.com/timtimxs/CVE-2026-51947-Advisory★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.