[HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php

PKSA-5xsp-55yb-hdyp CVE-2026-38529 GHSA-r8rp-5f55-5j9x

Affected package: krayin/laravel-crm

Affected version: <=2.2.0

Reported by:
GitHub