PT-2026-26445 · SuiteCRM · SuiteCRM
Parnuski · Published 2026-03-19 · Updated 2026-03-20
CVE-2026-29107
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.15.1; SuiteCRM versions prior to 8.9.3
Description: SuiteCRM is an open-source Customer Relationship Management (CRM) application. Prior to versions 7.15.1 and 8.9.3, it was possible to create PDF templates containing <img> tags. When a PDF is exported from such a template, its content is rendered server-side, which leads to Server-Side Request Forgery (SSRF): a crafted <img> tag, such as <img src=http://{burp collaborator url}>, causes the server to make an outbound request to the specified URL.
Recommendations: Update SuiteCRM to version 7.15.1 or later, or to version 8.9.3 or later.
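As an added example, not part of this advisory or of SuiteCRM's own code: a template-upload check, in Python, that enumerates every <img src> in a PDF template and accepts only inline data: images or HTTPS fetches from an allowlisted host (ALLOWED_HOSTS, the sample templates and the host names are constructed assumptions). It goes beyond the single http:// case in the description by also rejecting non-URL schemes and IP-literal hosts in loopback, private or link-local ranges.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only remote host the PDF renderer is ever allowed to fetch from.
ALLOWED_HOSTS = {"cdn.example.com"}


class ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a template."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources.extend(v or "" for k, v in attrs if k == "src")


def classify_img_src(src):
    """Return 'allow' or a short rejection reason for one <img src> value."""
    src = src.strip()
    if src.lower().startswith("data:image/"):
        return "allow"  # inline image: nothing is fetched
    parsed = urlparse(src)
    if parsed.scheme not in ("http", "https"):
        # file:, php:, ftp: and bare relative paths may make the renderer read local files
        return "reject: scheme %r" % parsed.scheme
    host = parsed.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, checked against the allowlist below
    if ip is not None and not ip.is_global:
        return "reject: non-public address"  # loopback, RFC 1918, link-local, etc.
    if host not in ALLOWED_HOSTS:
        return "reject: host not allowlisted"
    return "allow"


def validate_pdf_template(html):
    """Return (ok, findings); findings lists every rejected src with its reason."""
    collector = ImgSrcCollector()
    collector.feed(html)
    collector.close()
    findings = [(s, classify_img_src(s)) for s in collector.sources
                if classify_img_src(s) != "allow"]
    return (not findings, findings)


# Constructed sample templates, not taken from any real deployment.
SAFE_TEMPLATE = '<h1>Quote {$quote_number}</h1><img src="https://cdn.example.com/logo.png">'
SSRF_TEMPLATE = ('<p>Invoice</p><img src="http://collaborator.example.net/x">'
                 '<img src="http://127.0.0.1:8080/"><img src="file:///tmp/logo.png">')
```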

Weakness Enumeration: SSRF
Related Identifiers: CVE-2026-29107, GHSA-G7CV-4GHJ-X98H
Affected Products: SuiteCRM