CVE-2026-29104 | SuiteCRM up to 7.15.0/8.9.2 Configurator unrestricted upload (GHSA-5hx9-cmmx-26p3)

Inserito da Angelo Barbosa | Mar 20, 2026 | CVE

A vulnerability identified as critical has been detected in SuiteCRM up to 7.15.0/8.9.2. The impacted element is an unknown function of the component Configurator Module. The manipulation leads to unrestricted upload.

This vulnerability is documented as CVE-2026-29104. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-29104 | SuiteCRM up to 7.15.0/8.9.2 Configurator unrestricted upload (GHSA-5hx9-cmmx-26p3)

Post correlati

CVE-2024-45662 | IBM Safer Payments up to 6.4.2.07/6.5.0.05/6.6.0.03 allocation of resources

CVE-2024-4541 | Custom Product List Table Plugin up to 3.0.0 on WordPress cross-site request forgery

CVE-2025-5259 | Minimal Share Buttons Plugin up to 1.7.3 on WordPress align cross site scripting

CVE-2021-34963 | Foxit PDF Editor 11.0.0.49893 PolyLine Annotation use after free (ZDI-21-1194)