PT-2026-26452 · Suitecrm · Suitecrm
Guilhermemury · Published 2026-03-19 · Updated 2026-03-20
CVE-2026-33289
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SuiteCRM versions prior to 7.15.1
SuiteCRM versions prior to 8.9.3
Description
SuiteCRM is an open-source Customer Relationship Management (CRM) application. In its LDAP authentication flow, the application does not validate or escape user-supplied input before interpolating it into the LDAP search filter. An attacker can inject LDAP filter metacharacters (for example *, (, ) and \) to change the query logic, which can lead to authentication bypass or disclosure of directory information. The vulnerable component is the authentication flow; no authentication or user interaction is required to reach it.
Recommendations
Versions prior to 7.15.1 should be updated to version 7.15.1 or later.
Versions prior to 8.9.3 should be updated to version 8.9.3 or later.
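To make the flaw concrete, the following is an added example (not SuiteCRM code and not the vendor's fix) that builds a username lookup filter the flawed way and the escaped way, then evaluates both against a small in-memory directory with a minimal RFC 4515 filter parser. The filter template, attribute names, directory entries and payloads are assumptions constructed for an offline demonstration; they are not taken from the SuiteCRM code base.

```python
"""Added example (not SuiteCRM code): how unescaped input rewrites an LDAP
search filter in a username lookup, next to RFC 4515 escaping. The filter
template, attribute names and directory entries below are assumptions
constructed for an offline demonstration."""
import re

# Constructed directory: three person entries plus one non-person entry.
DIRECTORY = [
    {"dn": "uid=admin,ou=people,dc=example,dc=com", "objectClass": ["person"], "uid": ["admin"]},
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "objectClass": ["person"], "uid": ["alice"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "objectClass": ["person"], "uid": ["bob"]},
    {"dn": "cn=svc,ou=services,dc=example,dc=com", "objectClass": ["applicationProcess"], "cn": ["svc"]},
]

# RFC 4515 section 3: characters that must appear as \XX inside an assertion value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape_filter(value: str) -> str:
    """Escape untrusted text for use inside an LDAP filter assertion value."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def build_filter_vulnerable(username: str) -> str:
    """The flawed pattern: raw input interpolated into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter_escaped(username: str) -> str:
    """The fixed pattern: input escaped so it can only ever be a literal value."""
    return f"(&(objectClass=person)(uid={ldap_escape_filter(username)}))"


def _parse(s: str, i: int):
    """Recursive-descent parser for the RFC 4515 subset &, |, ! and attr=value."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    op = s[i]
    if op in "&|":
        children, i = [], i + 1
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, children), i + 1
    if op == "!":
        child, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return ("!", child), i + 1
    eq = s.index("=", i)
    attr, j, parts = s[i:eq], eq + 1, []
    while s[j] != ")":
        if s[j] == "\\":            # \XX escape: decode to a literal character
            parts.append(("lit", chr(int(s[j + 1:j + 3], 16))))
            j += 3
        elif s[j] == "*":           # unescaped '*' is a wildcard, not a literal
            parts.append(("any", ""))
            j += 1
        else:
            parts.append(("lit", s[j]))
            j += 1
    return ("=", attr, parts), j + 1


def parse_filter(s: str):
    """Parse a complete filter string; reject trailing data or truncation."""
    try:
        node, end = _parse(s, 0)
    except (IndexError, ValueError) as exc:
        raise ValueError(f"malformed filter {s!r}: {exc}") from exc
    if end != len(s):
        raise ValueError(f"trailing data after filter: {s[end:]!r}")
    return node


def _matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter node against one directory entry."""
    kind = node[0]
    if kind == "&":
        return all(_matches(c, entry) for c in node[1])
    if kind == "|":
        return any(_matches(c, entry) for c in node[1])
    if kind == "!":
        return not _matches(node[1], entry)
    _, attr, parts = node
    pattern = "".join(".*" if k == "any" else re.escape(v) for k, v in parts)
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in entry.get(attr, []))


def search(filter_str: str, directory=DIRECTORY) -> list[str]:
    """Evaluate a filter against the in-memory directory; return matching DNs."""
    node = parse_filter(filter_str)
    return [e["dn"] for e in directory if _matches(node, e)]


if __name__ == "__main__":
    for payload in ["alice", "*", "a*", "*)(uid=*"]:
        print(f"{payload!r:14} vulnerable -> {search(build_filter_vulnerable(payload))}")
        print(f"{'':14} escaped    -> {search(build_filter_escaped(payload))}")
```

With the flawed builder, a username of * matches every person entry and a* matches only those whose uid starts with a, which is the primitive behind character-by-character account enumeration; the payload *)(uid=* closes the intended assertion and appends a second one, showing how the filter's structure, not just its value, is under attacker control. With escaping, each of those inputs becomes a literal uid that matches nothing. In PHP, which SuiteCRM is written in, the equivalent of ldap_escape_filter here is the built-in ldap_escape() with the LDAP_ESCAPE_FILTER flag; whether and where the vendor's fix applies it is not stated on this page.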
Affected Products
Suitecrm