CVE-2026-29105 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains…
Medium CVSS: 5.4

CVE-2026-29105

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulnerability in the WebToLead capture functionality. A user-supplied POST parameter is used as a redirect destination without validation, allowing attackers to redirect victims to arbitrary external websites. This vulnerability allows attackers to abuse the trusted SuiteCRM domain for phishing and social engineering attacks by redirecting users to malicious external websites. Versions 7.15.1 and 8.9.3 patch the issue.
Vendor
Suitecrm
Product
Suitecrm
CWE
CWE-601
Yayın Tarihi
2026-03-19 23:16:43
Güncelleme
2026-03-24 14:10:38
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-601 Suitecrm MEDIUM Suitecrm 2026

Referanslar

https://docs.suitecrm.com/admin/releases/7.15.x https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-9crg-83cg-wv74