CVE-2026-29189 · HIGH 8.1 · EPSS p23.7%

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they should not have permission to interact with. Versions 7.15.1 and 8.9.3 patch the issue.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.32% probability of exploitation · percentile 23.7% · 2026-06-19T12:03:05Z
Published: 2026-03-20
Last modified: 2026-03-23

Underlying weaknesses · 1

CWE-639

References

  1. https://docs.suitecrm.com/admin/releases/7.15.x
  2. https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-m6x8-3hxp-qxwv

Type | Target | Confidence | Tier
Weakness | Authorization Bypass Through User-Controlled Key (cwe-639) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-29102
  2. CVE-2026-33289
  3. CVE-2026-33288
  4. CVE-2025-64490
  5. CVE-2025-64488
  6. CVE-2025-64489

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.