HIGH🇵🇱 Wersja polska

CVE-2026-29189

CVSS 8.1v3.1pub. 2026-03-20upd. 2026-03-23

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they should not have permission to interact with. Versions 7.15.1 and 8.9.3 patch the issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Suitecrm

    APP
    Suitecrm
    < 7.15.18.0.0 – 8.9.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-29103CRITICAL9.1PL ✓ten sam produkt

RCE w SuiteCRM — bypass patcha CVE-2024-49774 przez błąd w ModuleScanner

CVE-2026-33289HIGH8.8ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prio...

CVE-2026-33288HIGH8.8ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prio...

CVE-2026-29109HIGH8.6ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Vers...

CVE-2026-29097HIGH7.1ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Vers...