PT-2026-26446 · Suitecrm · Suitecrm

Jbince · Published 2026-03-19 · Updated 2026-03-20 · CVE-2026-29108

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 8.9.3

Description: SuiteCRM is a customer relationship management software application. An authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and multi-factor authentication (MFA) configuration. Because any authenticated user can query this endpoint, it is possible to retrieve and potentially crack the passwords of administrative users. The vulnerable API endpoint allows unauthorized access to sensitive user data.

Recommendations: Update to version 8.9.3 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-29108
GHSA-XC8W-XC9V-45W5

Affected Products

Suitecrm