CVE-2026-33288 in SuiteCRMИнформация

Сводка

по MITRE • 20.03.2026

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize the user-supplied username before using it in a local database query. An attacker with valid, low-privilege directory credentials can exploit this to execute arbitrary SQL commands, leading to complete privilege escalation (e.g., logging in as the CRM Administrator). Versions 7.15.1 and 8.9.3 patch the issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

18.03.2026

Раскрытие

20.03.2026

Модерация

принято

Вход

VDB-351981

CPE

готов

CWE

CWE-89 (Подтверждённый)

CVSS

8.8 (CNA)

EPSS

0.00068

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33288
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33288
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33288/

◂ Предыдущий Обзор Далее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!