CVE-2026-29189

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3

Description SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Before versions 7.15.1 and 8.9.3, the REST API V8 lacks Access Control List (ACL) checks on several endpoints. This allows authenticated users to access and manipulate data they are not permitted to interact with. The API endpoints are affected. The vulnerable parameters or variables are not specified.

Recommendations Update to SuiteCRM version 7.15.1 or later. Update to SuiteCRM version 8.9.3 or later.