An honest look at an ambitious open-source experience operating system — and why “XOS” is harder to ship than it sounds.

TL;DR

What it is: Open-source (AGPL v3) “Experience Operating System” that tries to replace HubSpot, Zendesk, Linear, and Wix in a single self-hosted deployment [GitHub README].
Who it’s for: Mid-size companies, agencies, and technical teams who want a unified CRM + support + marketing + operations platform and have the DevOps capacity to run MongoDB, Redis, and Elasticsearch [README][5].
Cost savings potential: HubSpot Professional runs $800–$3,200/month. Erxes community edition is free software — but the infrastructure to run it costs real money and effort, and several high-value plugins require a paid Enterprise license [pricing page][README].
Key strength: Plugin architecture is genuinely modular. You only install what you need, and the plugin marketplace covers CRM, helpdesk, sales pipeline, marketing automation, and more [README][5].
Key weakness: Security track record has a real blemish — Sonar Research found critical authentication bypass and path traversal vulnerabilities in the microservices layer (fixed in 1.6.3, but the root cause reflects architectural risk) [4]. Setup requires MongoDB + Redis + Elasticsearch, which is a bigger infrastructure surface than most self-hosted tools in this space.

What is Erxes

Erxes (pronounced “erk-sis,” Mongolian for “galaxy”) calls itself an Experience Operating System, or XOS. The GitHub description is the most useful pitch: “unifies marketing, sales, operations, and support — run your core business seamlessly while replacing HubSpot, Zendesk, Linear, Wix and more.” [README] That’s a big claim, and the architecture exists to at least attempt it.

The platform is built as two layers. The Core ships five modules with every install: My Inbox, Contacts, Products, Segments, Automation, and Documents. On top of that sits a plugin system where you install only the pieces you need from a marketplace [README]. Current plugin families include Frontline (omnichannel support), Sales (pipeline, leads, forms), Operation (project management, task tracking), Marketing, Commerce, and Content [homepage]. The content management, accounting, and tourism plugins are labeled “EE License Only” — meaning they require a paid Enterprise license, not the open-source AGPLv3 core [README].

The tech stack is not small: the system depends on MongoDB, Redis, and Elasticsearch, with a GraphQL Federation layer tying together multiple microservices [profile, README]. This is an enterprise-class architecture, and it brings enterprise-class operational overhead.

As of this review, the project sits at 3,915 GitHub stars with 1,249 forks [2][3]. That’s modest compared to alternatives like Twenty (44,500+ stars) or Odoo (50,000+ stars) — which is worth noting when evaluating community momentum and long-term support.

Why people choose it

The primary use case is avoiding the HubSpot bill. HubSpot’s free tier is genuinely limited, and the moment you need automation, reporting, or more than a handful of seats, you’re looking at Starter ($45/mo), Professional ($800/mo), or Enterprise ($3,200/mo). Salesforce is more expensive. Zendesk for support adds another $55–$115/seat/month on top. Companies stacking these tools can easily pass $2,000–$5,000/month [5][2].

Erxes’ pitch is that it replaces the entire stack with one self-hosted platform [README][5]. DueDash, in a partnership announcement, describes it as “an all-in-one solution for sales, marketing, and customer service teams” that lets you “merge all your marketing, sales and customer service tools and replace 3–5 tools with a single platform” [5]. That’s the argument — pay once to deploy, eliminate recurring SaaS fees across multiple vendors.

The secondary reason people choose it is data sovereignty. The README emphasizes “100% privacy — we’ve designed the erxes platform to retain complete control over your company’s sensitive data with no third-party monitoring” [README]. For businesses in regulated industries or those handling sensitive customer data, keeping all CRM, support, and marketing data on-premises is a meaningful benefit.

openalternative.co consistently places Erxes in the list of open-source alternatives to HubSpot, Salesforce, Pipedrive, and Attio [2][3]. It’s in the same shortlist as Twenty, Krayin, Odoo, and Frappe CRM — though it’s the only one attempting the full XOS breadth rather than focusing on CRM alone.

Features

Based on the README and DueDash’s feature breakdown:

Core modules (included with all installs):

Contacts — unified contact and company database [README]
Automation — trigger-based workflow builder (segments + actions) [README][5]
My Inbox — personal task and notification center [README]
Products — product catalog [README]
Documents — internal document management [README]

Frontline plugin (customer support):

Team Inbox combining live chat, email, in-app messaging, forms — “real-time client and team communication” [5]
Response templates, customer feedback capture [5]
Omnichannel: messenger, email, SMS in one queue [README]

Sales plugin:

Kanban-style sales pipeline with drag-and-drop stages [5]
Lead capture via landing pages, forms, pop-ups, or embeds [README]
Full pipeline tracking from visit to close [5]

Marketing (Engage):

Email, SMS, messenger, and pop-up campaigns [5]
Segment-based automated message sequences [5]
Lead-to-customer conversion workflows [5]

Operation plugin:

Task management with cross-team visibility [5]
Project tracking, cycle management, resource planning [README]

Growth Hacking module:

Pre-built growth experiment templates [5]
ICE, RICE, PIE scoring models for prioritization [5]
Centralized experiment dashboard [5]

Platform-level:

REST API [profile canonical features]
Docker / Docker Compose deployment [profile]
Plugin marketplace at erxes.io/marketplace [README]
Contribution framework for custom plugins [1]

Gated behind Enterprise license:

Content plugin (headless CMS, e-commerce, help center) [README]
Accounting plugin [README]
Tourism / booking management [README]

The breadth is real. The depth of any individual module is shallower than a dedicated point solution. The Sales pipeline won’t match Pipedrive’s nuance. The helpdesk won’t match Zendesk’s SLA tooling. The value proposition is consolidation, not best-in-class execution in any single domain.

Pricing: SaaS vs self-hosted math

Erxes does not publish specific per-seat or per-feature pricing on its website for the enterprise tier — the pricing page links to individual product sections with “Request Demo” CTAs rather than a clear price table. This is the classic enterprise pricing playbook: if you have to ask, you’re already in a sales call [pricing page].

What is clear:

Community Edition (self-hosted):

Software: free under AGPL v3 [README]
Infrastructure: non-trivial. You need MongoDB, Redis, and Elasticsearch alongside the main application containers
A realistic VPS setup for a small company (say, 20–50 users) requires at minimum 8–16 GB RAM and a multi-core server — figure $40–$80/month on Hetzner or DigitalOcean for a dedicated node, or $20–$40 if you’re running it alongside other services

Enterprise Edition:

Contact sales; pricing is custom [pricing page]
Required for the Content, Accounting, and Tourism plugins [README]
Required for higher-trust support, custom development, dedicated installation [5]

SaaS / Cloud tier (“erxes platform edition”):

Start free, scale up individual features [5]
Exact feature limits and overage pricing not publicly disclosed

The math that matters for a $2,000/month SaaS stack:

If you’re currently paying $800/month for HubSpot Professional + $400/month for Zendesk Team (5 seats) + $200/month for a project management tool, that’s $1,400/month or $16,800/year. Running Erxes Community on a $60/month dedicated server brings that to $720/year — a theoretical saving of ~$16,000/year before your time is factored in [5][README].

Whether that math holds depends entirely on whether you have the technical capacity to deploy and maintain the stack. It doesn’t hold if you spend 40 hours a year maintaining infrastructure instead of building product.

Deployment reality check

This is where the gap between Erxes and simpler self-hosted tools becomes most visible.

The official deployment path uses Docker Compose. The dependencies are:

MongoDB (database)
Redis (queues and caching)
Elasticsearch (search across contacts, conversations, products)
The core Erxes application
Each installed plugin as a separate service

That’s a minimum of 5–7 running containers for a basic install, and each plugin you add increases the surface area. Elasticsearch alone typically wants 2–4 GB of heap. This is not a “$5 VPS + docker run” story — it’s a real multi-service deployment closer to running Gitlab or Nextcloud than running something like Plausible or Umami [README][4].

The Sonar Security research article [4] adds an important deployment-specific concern: in the official deployment configuration (pre-1.6.3), the microservices communicated via trust-based user headers with no HMAC signing. An attacker who reached any internal service could impersonate any user — a critical authentication bypass. A second vulnerability allowed path traversal via the /read-file endpoint to leak environment variables, including authentication secrets. The combination enabled full instance takeover by an unauthenticated remote attacker [4].

Both vulnerabilities are fixed in 1.6.3, and Sonar credits the erxes team with responding quickly [4]. But the root cause — inter-service trust without cryptographic validation — “teams using similar inter-service header trust patterns should add HMAC signing” [4] — reflects a structural architectural choice that took years and an external researcher to surface. For a platform handling CRM and customer data, that’s a sobering data point.

Realistic setup time for a technical user: 3–6 hours for a working Docker Compose install with all dependencies. For anyone unfamiliar with MongoDB ops or Elasticsearch configuration, budget a full day or more.

Pros and Cons

Pros

Genuine breadth. CRM, support inbox, sales pipeline, marketing automation, project management, and content (EE) — few open-source platforms attempt this scope [README][5].
Plugin architecture is actually modular. You don’t install the full stack if you don’t need it. The marketplace approach lets you start with just CRM and add operations later [README].
AGPL v3 license on the core. Freely self-hostable, source-available, no vendor lock-in for the community edition [README].
Data sovereignty. No third-party monitoring, all data stays on your infrastructure [README][5].
Growth Hacking module is unusual. ICE/RICE/PIE experiment scoring and pre-built templates aren’t common in open-source CRM platforms [5].
REST API included. External integrations and automation are first-class, not afterthoughts [profile].
Omnichannel inbox (email, live chat, SMS, messenger) in one queue is a real productivity feature for support teams [5][README].

Cons

Serious security vulnerabilities in the microservices layer. Critical auth bypass and path traversal found by Sonar Research, exploitable pre-1.6.3. Fixed, but the root cause (inter-service header trust without signing) reveals architectural risk in a complex distributed system [4].
Heavy infrastructure footprint. MongoDB + Redis + Elasticsearch is a non-trivial ops burden. This isn’t a one-click deploy [README][profile].
Key plugins are Enterprise-license only. The Content plugin (headless CMS, e-commerce, help center), Accounting, and Tourism are not part of the AGPLv3 community edition [README]. That’s a significant portion of the advertised “replaces X” scope.
Pricing for Enterprise tier is opaque. No public pricing means you’re in a sales process before you know if it’s affordable [pricing page].
Relatively modest GitHub traction. 3,915 stars vs. Twenty (44,500), Odoo (50,000+), or even Krayin (22,000+) [2][3]. Smaller community means fewer contributed integrations, fewer StackOverflow answers, slower bug discovery.
Scope is a double-edged sword. A platform trying to replace HubSpot, Zendesk, Linear, and Wix simultaneously is likely to be shallower than dedicated tools in each category.
No publicly documented setup complexity guidance. The contribution docs assume familiarity with the architecture [1].

Who should use this / who shouldn’t

Use Erxes if:

You’re a technical team (or have a DevOps-capable person on staff) currently paying $1,000+/month for a combination of HubSpot, Zendesk, and project management tools.
You want a single self-hosted platform to consolidate customer-facing workflows and you’re willing to run MongoDB + Elasticsearch in exchange.
Data sovereignty is a hard requirement — regulated industry, sensitive B2B data, or GDPR compliance on-premises.
You want a plugin-based architecture where you control exactly what’s installed and running.

Skip it (try Twenty or Frappe CRM instead) if:

You only need a CRM without the helpdesk and marketing automation surface. Twenty and Frappe CRM are leaner, have better GitHub momentum, and don’t require Elasticsearch [2][3].
You’re a solo founder or tiny team. The infrastructure overhead doesn’t justify the savings until you’re replacing at least $500–$800/month of SaaS spend.

Skip it (stay on HubSpot) if:

You have fewer than 5 users and the HubSpot free tier covers you.
You don’t have anyone who can troubleshoot a Docker Compose stack.
You need the absolute deepest sales automation tooling — HubSpot’s sequences, reporting, and integrations are still ahead of what any self-hosted option delivers today.

Skip it (try Odoo) if:

You need ERP-grade financials alongside CRM. Odoo has 50,000+ stars, a mature accounting module in the open-source tier, and a larger community [3].

Alternatives worth considering

From the openalternative.co comparisons and the README’s own “replaces” list:

Twenty — modern open-source CRM (44,500+ stars), developer-friendly, much simpler to self-host, focused on contacts and deals rather than the full XOS scope [2][3].
Krayin — Laravel-based open-source CRM, MIT-licensed, 22,000+ stars, solid for pure sales CRM use cases [2].
Frappe CRM — clean, minimal open-source CRM built on the Frappe framework (same team as ERPNext), good UI, active development [2][3].
Odoo — the most complete open-source business suite. More complex, heavier, but better coverage of ERP + CRM + accounting [3]. MIT-core, community edition free.
HubSpot — the incumbent. Free tier is genuinely useful, paid tiers are expensive at scale. Closed source, but class-leading UX and integrations.
Zoho CRM — cheaper than HubSpot, closed source, but strong mid-market alternative for teams not committed to self-hosting.
EspoCRM — purpose-built open-source CRM, lighter weight than Erxes, simpler ops [2].

For a non-technical founder primarily trying to escape HubSpot bills, the realistic shortlist is Twenty vs. Frappe CRM vs. Erxes. Twenty wins on simplicity and community momentum. Erxes wins if you genuinely need the helpdesk + marketing automation scope in a single platform.

Bottom line

Erxes is an honest attempt at something genuinely hard: a single self-hosted platform that replaces the HubSpot + Zendesk + project-management SaaS stack. The plugin architecture is well-designed, the feature breadth is real, and for a technical team currently burning $2,000+/month across multiple vendors, the economics make sense on paper.

The honest caveats are harder to hand-wave. The infrastructure requirement (MongoDB + Redis + Elasticsearch) is meaningfully heavier than the typical self-hosted CRM. The critical security vulnerabilities found by Sonar Research [4] — while patched — reflect the architectural complexity risk of a microservices platform where inter-service trust assumptions can cascade into full compromise. And a significant portion of the “all-in-one” pitch lives behind an Enterprise license, not the AGPL community edition.

If you have a DevOps-capable engineer, a real multi-tool SaaS bill to eliminate, and the patience to run a distributed system, Erxes is worth evaluating. If you’re a non-technical founder looking for a clean self-hosted CRM, start with Twenty or Frappe CRM first — and come back to Erxes when the scope justifies the ops weight.

Sources

erxes Documentation — Contribute to Codebase. https://docs.erxes.io/contribute-codebase
openalternative.co — Krayin: Open Source Alternative to HubSpot, Attio and Salesforce (includes Erxes in related projects listing). https://openalternative.co/krayin
openalternative.co — 8 Best Open Source Pipedrive Alternatives in 2026 (Erxes listed as Pipedrive alternative). https://openalternative.co/alternatives/pipedrive
Paul Gerste, Sonar Source — “Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes’ Microservices” (March 21, 2024). https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/
DueDash — “erxes - Grow your business better and faster” (partnership announcement with feature breakdown). https://duedash.com/erxes-grow-your-business-better-and-faster/

Primary sources:

GitHub repository and README: https://github.com/erxes/erxes (3,915 stars, AGPL v3 license)
Official website: https://erxes.io
Pricing page: https://erxes.io/pricing/self-service/frontline
Plugin marketplace: https://erxes.io/marketplace
Documentation: https://erxes.io/docs/introduction

Features

Integrations & APIs

Plugin / Extension System
REST API

Replaces

Compare Erxes

Erxes vs

Twenty

Both are crm tools. Erxes has 3 unique features, Twenty has 1.

Related CRM & Sales Tools

View all 30 →

Odoo

50K

All-in-one business suite covering CRM, ERP, accounting, inventory, eCommerce, HR, and 80+ apps. Open-source alternative to SAP, Salesforce, and QuickBooks.

crm

Twenty

41K

Twenty is a modern, open-source CRM that gives you full control over your customer data — a self-hosted alternative to Salesforce and HubSpot with a beautiful UI and extensible architecture.

crm