Home / Vulnerability Intelligence / CVE-2026-29103

CVE-2026-29103 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 20, 2026

SuiteCRM - Remote Code Execution

Published: March 19, 2026Updated: March 20, 2026Remote Exploitable

Overview

SuiteCRM 7.15.0 and 8.9.2 contain a remote code execution caused by improper PHP token parsing in ModuleScanner.php, letting authenticated administrators execute arbitrary system commands, exploit requires admin authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 19.9%(Probability of exploitation in next 30 days)

Impact

Authenticated administrators can execute arbitrary system commands, leading to full system compromise.

Mitigation

Upgrade to versions 7.15.1 and 8.9.3 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2026-29103 - Critical (9.1) SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute ar... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29103/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-29103
Severity: Critical
CVSS Score: 9.1
Type: remote_code_execution
Status: unconfirmed
EPSS: 19.9%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

19.9%Probability of exploitation in the next 30 days