8.1
SuiteCRM REST API exposes sensitive data to authenticated users
CVE-2026-29189
Summary
Authenticated users can access and modify data they shouldn't be able to see or change. This is a risk because it lets logged-in users who lack the required permissions see or alter sensitive customer information. Update to SuiteCRM version 7.15.1 or 8.9.3 to fix the issue.
Original title
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Contro...
Original description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they should not have permission to interact with. Versions 7.15.1 and 8.9.3 patch the issue.
NVD CVSS 3.1
8.1
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 20 Mar 2026 · Updated: 20 Mar 2026 · First seen: 20 Mar 2026