2 matches found
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2026-29109
Summary: CVE-2026-29109 affects SuiteCRM up to version 8.9.2, where the SavedSearch filter processing contains an unsafe deserialization flaw. The code path in FilterDefinitionProvider.php calls unserialize() on user-controlled data from the saved_search.contents column without restricting instan...