CVE-2026-29096
SuiteCRM 7.15.x and 8.9.x are affected by CVE-2026-29096 due to unsanitized handling of the field_function parameter in AOR_Reports. When creating or editing a report, the POST field_function value is saved into the aor_fields table without validation, and later concatenated directly into a SQL S...