PT-2026-26431 · Suitecrm · Suitecrm

Rvizx · Published 2026-03-19 · Updated 2026-03-20 · CVE-2026-29097

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SuiteCRM versions prior to 7.15.1
SuiteCRM versions prior to 8.9.3

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. A Server-Side Request Forgery (SSRF) occurs when an application allows an attacker to make requests to unintended locations. This can be used to access internal resources or perform actions on behalf of the server. A Denial of Service (DoS) condition occurs when a system is made unavailable to legitimate users.

Recommendations

Update SuiteCRM to version 7.15.1 or later.
Update SuiteCRM to version 8.9.3 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-29097
GHSA-X3P2-QCQH-QX2M

Affected Products

Suitecrm