If you believe you have discovered a vulnerability in EspoCRM, please contacts us via this or this forms. Or create a private vulnerability report on GitHub.

Low-effort, LLM-generated reports are not allowed. In such cases, if it is evident that the author does not understand the subject they submitted, the account will be blocked.

For severe vulnerabilities we provide fixes for 2 minor versions (the second number in the version string) back from the current stable version.