SuiteCRM REST API V8 Missing ACL Checks Allowing Unauthorized Data Access and Manipulation

Vulnerability

SuiteCRM versions before 7.15.1 (7.x series) and before 8.9.3 (8.x series) are missing Access Control List (ACL) checks on several REST API V8 endpoints. The API authenticates the caller but does not verify that the caller is authorized to act on the requested records, so any authenticated user can read other users' preferences and settings and can create or modify relationships between records they would not otherwise be permitted to touch, bypassing the data isolation the ACLs are meant to enforce.

Impact

An attacker with any valid SuiteCRM login or API token, with no administrative privilege, can read the preferences and settings of other users and alter the links between records that are supposed to be isolated from them. The result is unauthorized disclosure of user data and unauthorized modification of CRM record relationships. Because the flaw sits in missing authorization rather than missing authentication, the affected requests look like ordinary API traffic from a legitimate account.
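The two failure modes described above (preferences readable by any user, relationship changes without an ACL check) are easiest to see side by side with their hardened counterparts. The following Python is an added illustration written for this page, not SuiteCRM's code: the users, records, module names and the owner-based ACL policy are constructed assumptions, and the handler signatures are hypothetical stand-ins for the real API V8 endpoints.

```python
"""Model of the bug class in this advisory: handlers that authenticate the
caller but never ask the ACL layer whether the caller may touch the records.

Constructed illustration, not SuiteCRM code. Users, records, module names and
the owner-based ACL policy below are assumptions made for the example.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when an ACL check denies the request."""


@dataclass
class User:
    id: str
    is_admin: bool = False
    preferences: dict = field(default_factory=dict)


@dataclass
class Record:
    id: str
    module: str
    owner_id: str
    links: dict = field(default_factory=dict)  # link name -> set of related record ids


# Constructed sample data (assumed, not real SuiteCRM data).
USERS = {
    "alice": User("alice", preferences={"signature": "Alice", "timezone": "UTC"}),
    "bob": User("bob", preferences={"signature": "Bob"}),
    "root": User("root", is_admin=True),
}
RECORDS = {
    "acc-1": Record("acc-1", "Accounts", owner_id="alice"),
    "con-1": Record("con-1", "Contacts", owner_id="alice"),
    "con-2": Record("con-2", "Contacts", owner_id="bob"),
}


def acl_allows(actor: User, record: Record, action: str) -> bool:
    """Assumed policy: admins and owners may do anything; others may only view."""
    if actor.is_admin or record.owner_id == actor.id:
        return True
    return action == "view"


# --- Vulnerable handlers: a valid login is the only gate ---------------------

def get_preferences_vulnerable(actor: User, target_user_id: str) -> dict:
    """Hands any user's preferences to any authenticated caller."""
    return USERS[target_user_id].preferences


def set_relationship_vulnerable(actor: User, record_id: str, link: str, related_ids: list) -> set:
    """Rewrites a relationship without checking the caller's rights on either side."""
    record = RECORDS[record_id]
    record.links[link] = set(related_ids)
    return record.links[link]


# --- Hardened handlers: same inputs, ACL consulted before every data access --

def get_preferences(actor: User, target_user_id: str) -> dict:
    """Preferences are private: only their owner or an admin may read them."""
    if actor.id != target_user_id and not actor.is_admin:
        raise Forbidden(f"{actor.id} may not read preferences of {target_user_id}")
    return USERS[target_user_id].preferences


def set_relationship(actor: User, record_id: str, link: str, related_ids: list) -> set:
    """Require edit on the parent record and at least view on every related record.
    Checking only the parent would still let a caller attach records it cannot see."""
    record = RECORDS[record_id]
    if not acl_allows(actor, record, "edit"):
        raise Forbidden(f"{actor.id} may not edit {record.module}/{record.id}")
    for rid in related_ids:
        related = RECORDS[rid]
        if not acl_allows(actor, related, "view"):
            raise Forbidden(f"{actor.id} may not view {related.module}/{related.id}")
    record.links[link] = set(related_ids)
    return record.links[link]


def demo() -> dict:
    """Run both handler sets as the non-admin user bob and report what each allowed."""
    bob = USERS["bob"]
    outcome = {
        "vulnerable_prefs_leak": get_preferences_vulnerable(bob, "alice"),
        "vulnerable_link_change": sorted(set_relationship_vulnerable(bob, "acc-1", "contacts", ["con-2"])),
    }
    for name, call in (("hardened_prefs", lambda: get_preferences(bob, "alice")),
                       ("hardened_link", lambda: set_relationship(bob, "acc-1", "contacts", ["con-2"]))):
        try:
            call()
            outcome[name] = "allowed"
        except Forbidden as exc:
            outcome[name] = f"denied: {exc}"
    return outcome


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows bob reading alice's preferences and attaching his own contact to her account through the vulnerable handlers, while the hardened handlers deny both. The design point is that the check must be made per record on every endpoint, including the relationship side: a relationship write touches two records, so authorization on the parent alone is not enough.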

Remediation

Upgrade to SuiteCRM 7.15.1 or later on the 7.x branch, or 8.9.3 or later on the 8.x branch. Since the flaw is reachable only by authenticated callers, reviewing which accounts hold credentials for the REST API V8 limits exposure until the upgrade is applied.

Added: Mar 20, 2026, 12:26 AM
Updated: Mar 20, 2026, 12:26 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 5.2
remediation: 0.0
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.