{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "7.15.1"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7f2b384db8531c735b72abc87b65202f9713bfa6"
            }
          ],
          "repo": "https://github.com/suitecrm/suitecrm",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-mr5v-wcgr-98qr"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29102.json"
  },
  "details": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue.",
  "id": "CVE-2026-29102",
  "modified": "2026-04-01T23:10:40.965611099Z",
  "published": "2026-03-19T22:53:09.827Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://docs.suitecrm.com/admin/releases/7.15.x"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29102.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-mr5v-wcgr-98qr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29102"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SuiteCRM has Authenticated RCE in Modules"
}