HIGH🇬🇧 English

CVE-2026-29189

CVSS 8.1v3.1pub. 2026-03-20upd. 2026-03-23

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they should not have permission to interact with. Versions 7.15.1 and 8.9.3 patch the issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Suitecrm

    APP
    Suitecrm
    < 7.15.18.0.0 – 8.9.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-29103CRITICAL9.1PL ✓ten sam produkt

RCE w SuiteCRM — bypass patcha CVE-2024-49774 przez błąd w ModuleScanner

CVE-2026-33289HIGH8.8ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prio...

CVE-2026-33288HIGH8.8ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prio...

CVE-2026-29109HIGH8.6ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Vers...

CVE-2026-29097HIGH7.1ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Vers...