๐Ÿ” CVE Alert

CVE-2026-29097

UNKNOWN 0.0

SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 11th

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. Versions 7.15.1 and 8.9.3 patch the issue.

CWE: CWE-918
Vendor: suitecrm
Product: suitecrm
Published: Mar 19, 2026
Last Updated: Mar 21, 2026

Affected Versions

SuiteCRM / SuiteCRM
< 7.15.1
>= 8.0.0, < 8.9.3

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-x3p2-qcqh-qx2m
docs.suitecrm.com: https://docs.suitecrm.com/admin/releases/7.15.x