SSRF in SuiteCRM
CVE-2026-29097
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS)…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.000 (6.1th percentile)
Affected products
- SuiteCRM — versions < 7.15.1; >= 8.0.0, < 8.9.3
Weakness classification (CWE)
References
- https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-x3p2-qcqh-qx2m (x_refsource_CONFIRM)
- https://docs.suitecrm.com/admin/releases/7.15.x (x_refsource_MISC)