SuiteCRM-Core — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in SuiteCRM-Core, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-32697	SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR) CWE-639	6.5	Medium	2026-03-19
CVE-2026-29109	SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing CWE-502	7.2	-	2026-03-19
CVE-2026-29108	Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User CWE-200	6.5	Medium	2026-03-19
CVE-2025-64493	SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL CWE-89	6.5	Medium	2025-11-08
CVE-2025-64492	SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection CWE-89	8.8	High	2025-11-08
CVE-2025-54786	SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data CWE-200	5.3	Medium	2025-08-06
CVE-2024-36419	SuiteCRM-Core Host Header Injection in /legacy CWE-601	4.3	Medium	2024-06-10
CVE-2023-47643	SuiteCRM has Unauthenticated Graphql Introspection Enabled CWE-200	3.1	Low	2023-11-21

All 8 known CVE vulnerabilities affecting SuiteCRM-Core with full Chinese analysis, references, and POCs where available.