216.73.217.19

CVE-2026-29109

· Published 20/03/2026 00:16 · Modified 20/03/2026 13:37

Labels: CVE-2026-29109 2026-03-20CVE-2026-29109CWE-502[email protected]

Essential information

Published
20/03/2026 00:16
Modified
20/03/2026 13:37
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary system commands on the server. `FilterDefinitionProvider.php` calls `unserialize()` on user-controlled data from the `saved_search.contents` database column without restricting instantiable classes. Version 8.9.3 patches the issue.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
suitecrm / suitecrm cpe:2.3:a:suitecrm:suitecrm:<8.9.3:*:*:*:*:*:*:*
suitecrm / suitecrm cpe:2.3:a:suitecrm:suitecrm:8.9.3:*:*:*:*:*:*:*

References