CVE-2026-33289
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding it into the LDAP search filter. By injecting LDAP control characters, an unauthenticated attacker can manipulate the query logic, which can lead to authentication bypass or information disclosure. Versions 7.15.1 and 8.9.3 patch the issue.
Analysis
An LDAP injection vulnerability in SuiteCRM's authentication flow allows attackers to manipulate LDAP queries by injecting control characters into user-supplied input, potentially leading to authentication bypass or information disclosure. The vulnerability affects SuiteCRM versions prior to 7.15.1 and 8.9.3, which are open-source CRM systems widely deployed in enterprise environments. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all SuiteCRM instances and their versions; disable LDAP authentication if possible or restrict LDAP service access to trusted networks only. Within 7 days: Prepare and test upgrade to SuiteCRM 7.15.1 or 8.9.3 in a non-production environment; implement WAF rules to block LDAP injection patterns in authentication requests. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today