## Daily CVE Report: Zero New Flaws Published, Yet High-Severity Vulnerabilities Loom in Webkul Krayin & Fortinet
A daily vulnerability report for April 15, 2026, reveals a significant anomaly: zero new CVEs were published in the last 24 hours, yet the report highlights a persistent landscape of high-severity, actively exploitable flaws. The highest CVSS score noted is a critical 9.9, underscoring the latent risk in existing systems despite the pause in new disclosures. This juxtaposition signals that the immediate threat environment is not defined by volume but by the potency of known, unpatched vulnerabilities.

The report details several specific HIGH-severity CVEs. CVE-2026-38529, with a CVSS score of 8.8, exposes a Broken Object-Level Authorization (BOLA) flaw in Webkul Krayin CRM v2.2.x. This vulnerability allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via the `/Settings/UserController.php` endpoint. Concurrently, CVE-2026-39815, also scoring 8.8, details an SQL injection vulnerability in Fortinet's FortiDDoS-F appliances (versions 7.2.1 through 7.2.2), which could permit unauthorized code execution. A third entry, CVE-2026-26167, points to a race condition flaw, though its description is truncated in the source.

This snapshot places intense pressure on security teams at organizations using Webkul Krayin CRM and Fortinet's FortiDDoS-F products. The absence of new CVEs does not equate to safety; instead, it shifts scrutiny to the patching and mitigation of these known, high-impact vulnerabilities. The specific targeting of CRM user authorization and of SQL injection in a network security appliance suggests attackers are probing for critical weaknesses in business operations and infrastructure defense layers. The situation demands immediate prioritization of these existing patches over monitoring for new threats.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: Cybersecurity, Vulnerability Management, CRM Security, Network Appliances, Zero-Day
- **Credibility**: unverified
- **Published**: 2026-04-15 02:22:27
- **ID**: 64688
- **URL**: https://whisperx.ai/en/intel/64688