[HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php

PKSA-y1wv-79ht-f4db CVE-2026-38530 GHSA-rm5f-3c25-p4cw

Affected package: krayin/laravel-crm

Affected version: <=2.2.0

Reported by:
GitHub