Home / Vulnerability Intelligence / CVE-2026-29103

CVE-2026-29103 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 19, 2026

SuiteCRM - Remote Code Execution

Published: March 19, 2026Updated: March 19, 2026Remote Exploitable

Overview

SuiteCRM 7.15.0 and 8.9.2 contain a remote code execution caused by improper PHP token parsing in ModuleScanner.php, letting authenticated administrators execute arbitrary system commands, exploit requires admin authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Authenticated administrators can execute arbitrary system commands, leading to full system compromise.

Mitigation

Upgrade to versions 7.15.1 and 8.9.3 or later.

References

https://docs.suitecrm.com/admin/releases/7.15.x
https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-5jjq-9qch-9rg7

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29103
Severity: Critical
CVSS Score: 9.1
Type: remote_code_execution
Status: new

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H