PT-2026-26449 · Suitecrm · Suitecrm

Anderson7 +1 · Published 2026-03-19 · Updated 2026-03-20 · CVE-2026-32697

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SuiteCRM versions prior to 8.9.3

Description

SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.9.3, the RecordHandler::getRecord() method retrieves records based on module and ID without verifying the current user’s access permissions for viewing. The saveRecord() method correctly checks access permissions for saving, but getRecord() bypasses the equivalent check for viewing. This could allow unauthorized access to sensitive information.

Recommendations

Update to version 8.9.3 or later.
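
The asymmetry described above, shown as an added example in a simplified PHP model. It is not SuiteCRM source code or the 8.9.3 patch. The `Acl` class, the owner-only rule, the `getRecordUnchecked` name and the sample data are assumptions made for illustration.

```php
<?php
// Simplified model, not SuiteCRM source. Acl, the record layout and the
// owner-only rule are assumptions made for this illustration.
final class Acl
{
    // Assumed rule: a user may view or save only records they own.
    public static function allowed(string $user, ?array $record, string $action): bool
    {
        return $record !== null && $record['owner'] === $user
            && in_array($action, ['view', 'save'], true);
    }
}
final class RecordHandler
{
    public function __construct(private array $store, private string $user) {}
    // Pattern from the description: lookup by module and ID, no view check.
    public function getRecordUnchecked(string $module, string $id): ?array
    {
        return $this->store[$module][$id] ?? null;
    }

    // Hardened form: same lookup, then a view check mirroring saveRecord().
    // Missing and forbidden records fail identically, so IDs cannot be probed.
    public function getRecord(string $module, string $id): array
    {
        $record = $this->store[$module][$id] ?? null;
        if (!Acl::allowed($this->user, $record, 'view')) {
            throw new RuntimeException('Access denied');
        }
        return $record;
    }

    public function saveRecord(string $module, string $id, array $fields): void
    {
        $record = $this->store[$module][$id] ?? null;
        if (!Acl::allowed($this->user, $record, 'save')) {
            throw new RuntimeException('Access denied');
        }
        $this->store[$module][$id] = array_merge($record, $fields);
    }
}
// Constructed sample data: a contact owned by alice; the session user is bob.
$store = ['Contacts' => ['c-1' => ['owner' => 'alice', 'email' => 'a@example.test']]];
$handler = new RecordHandler($store, 'bob');
var_dump($handler->getRecordUnchecked('Contacts', 'c-1')); // no view check applied
try {
    $handler->getRecord('Contacts', 'c-1');
} catch (RuntimeException $e) {
    echo 'getRecord: ', $e->getMessage(), PHP_EOL;
}
```

When reviewing similar handlers, check that every read path applies the same permission decision as the corresponding write path before any record data leaves the method.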

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2026-32697
GHSA-9P9G-224X-6RMM

Affected Products

Suitecrm