What is the CVSS score of CVE-2026-29104?

CVE-2026-29104 has a CVSS 3.1 base score of 2.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of SuiteCRM are affected by CVE-2026-29104?

CVE-2026-29104 is a low-severity vulnerability in SuiteCRM (CVSS 2.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

SuiteCRM CVE-2026-29104

LOW

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-19 security-advisories@github.com

File Upload

2.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 19, 2026 - 23:30 vuln.today

CVE Published

Mar 19, 2026 - 23:16 nvd

LOW 2.7

DescriptionNVD

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file type restrictions when uploading PDF font files, allowing arbitrary files with attacker‑controlled filenames to be written to the server. Although the upload directory is not directly web‑accessible by default, this behavior breaks security boundaries and may enable further attacks when combined with other vulnerabilities or in certain deployment configurations. Versions 7.15.1 and 8.9.3 patch the issue.

AnalysisAI

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

RemediationAI

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-29104 vulnerability details – vuln.today

Back

SuiteCRM CVE-2026-29104

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code