CVE-2026-29102

SuiteCRM has Authenticated RCE in Modules

CVSS 7.2 HIGHEPSS 0.5%CWE-94

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

SuiteCRM · SuiteCRM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.suitecrm.com/admin/releases/7.15.x https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-mr5v-wcgr-98qr