Deserialization in Suitecrm Suitecrm-core

CVE-2026-29109

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component tha…

Vulnerability class: Insecure Deserialization

EPSS: 0.001 (27.4th percentile) — read the EPSS interpretation.

Affected products

Suitecrm Suitecrm-core — versions < 8.9.3

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-mhq2-277m-6w24 (x_refsource_CONFIRM)