SuiteCRM Server-Side Request Forgery and Denial-of-Service Vulnerability in RSS Feed Dashlet

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability, combined with a Denial of Service (DoS) condition, has been identified in the RSS Feed Dashlet component of SuiteCRM. This vulnerability affects versions of SuiteCRM prior to 7.15.1 and 8.9.3. The issue allows an attacker to manipulate server-side requests, potentially leading to unauthorized actions or information disclosure, while also causing a disruption in service availability.

Impact

Exploitation allows Server-Side Request Forgery, in which an attacker makes the server perform requests on their behalf, together with a Denial of Service condition that disrupts service availability.

Remediation

Users can upgrade to SuiteCRM version 7.15.1 or 8.9.3 to address this vulnerability.

Added: Mar 19, 2026, 11:30 PM
Updated: Mar 19, 2026, 11:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.