CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-32697

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, the `RecordHandler::getRecord()` method retrieves any record by module and ID without checking the current user's ACL view permission. The companion `saveRecord()` method correctly checks `$bean->ACLAccess('save')`, but `getRecord()` skips the equivalent `ACLAccess('view')` check. Version 8.9.3 patches the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.8%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-9p9g-224x-6rmm

Products affected by CVE-2026-32697

Suitecrm » Suitecrm » Version: Any

cpe:2.3:a:suitecrm:suitecrm:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32697

Products

Pricing

Contact Us