CVE-2026-32697
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, the `RecordHandler::getRecord()` method retrieves any record by module and ID without checking the current user's ACL view permission. The companion `saveRecord()` method correctly checks `$bean->ACLAccess('save')`, but `getRecord()` skips the equivalent `ACLAccess('view')` check. Version 8.9.3 patches the issue.
Vendor
Product
CWE
Yayın Tarihi
2026-03-20 00:16:16
Güncelleme
2026-03-23 16:42:53
Source Identifier
security-advisories@github.com
KEV Date Added
-