PT-2026-26447 · Suitecrm · Suitecrm
Rvizx · Published 2026-03-19 · Updated 2026-03-20 · CVE-2026-29109
CVSS v4.0: 8.6 (High)
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
SuiteCRM versions prior to 8.9.3
Description
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization issue in the SavedSearch filter processing component. This allows an authenticated administrator to execute arbitrary system commands on the server. The FilterDefinitionProvider.php file calls the unserialize() function on user-controlled data from the saved_search.contents database column without restricting instantiable classes.
Recommendations
Update to SuiteCRM version 8.9.3 or later.
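The unrestricted unserialize() pattern named in the description, next to a restricted form, as an added example that is not SuiteCRM's code and not the 8.9.3 fix. The function names and sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not SuiteCRM code. All names and sample data are hypothetical.

// Pattern from the description: every class loaded by the application can be
// instantiated from the stored string, so magic methods such as __wakeup()
// or __destruct() run on objects chosen by whoever wrote the column.
function decodeFilterUnsafe(string $contents)
{
    return unserialize($contents);
}

// Walk nested arrays and refuse anything that is not a scalar, null or array.
function assertNoObjects(array $data): void
{
    foreach ($data as $value) {
        // Blocked classes decode to __PHP_Incomplete_Class placeholders.
        if ($value instanceof __PHP_Incomplete_Class || is_object($value)) {
            throw new UnexpectedValueException('object found in saved search contents');
        }
        if (is_array($value)) {
            assertNoObjects($value);
        }
    }
}

// Restricted form: no class may be instantiated, and the result must be a
// plain array with no object placeholders anywhere inside it.
function decodeFilterRestricted(string $contents): array
{
    $data = @unserialize($contents, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new UnexpectedValueException('saved search contents is not a serialized array');
    }
    assertNoObjects($data);
    return $data;
}

// Constructed sample values standing in for the database column.
$plain = serialize(['name_basic' => 'Acme', 'filters' => ['status' => 'Open']]);
$withObject = serialize(['name_basic' => 'Acme', 'filters' => [new stdClass()]]);

var_dump(decodeFilterRestricted($plain));
try {
    decodeFilterRestricted($withObject);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Storing filter definitions as JSON removes object instantiation from the decode path entirely; the restricted unserialize() form is for data that already exists in serialized form.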
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Suitecrm