CVE-2026-29109
Unsafe Deserialization in SuiteCRM SavedSearch Enables Remote Code Execution
Publication date: 2026-03-20
Last updated on: 2026-03-23
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suitecrm | suitecrm | up to 8.9.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29109 is an unsafe deserialization vulnerability in SuiteCRM versions up to and including 8.9.2. It occurs in the SavedSearch filter processing component, specifically in the FilterDefinitionProvider.php file. The vulnerability arises because the application calls PHP's unserialize() function on user-controlled data stored in the saved_search.contents database column without restricting which classes can be instantiated during deserialization.

This flaw allows an authenticated administrator to execute arbitrary system commands on the server, potentially leading to full system compromise. The issue was fixed in version 8.9.3. [1]
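The CWE-502 pattern described above, shown as an added illustration rather than SuiteCRM's own code: a decode routine that hands a stored column value straight to unserialize(), beside a hardened version that forbids object instantiation and validates the shape of the result. The function names and the filter layout are assumptions; only the column name comes from the advisory.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (CWE-502): with no 'allowed_classes' option, any class the
// autoloader can reach may be instantiated from the stored string, so its
// __wakeup()/__destruct() code runs during unserialize().
function loadFilterUnsafe(string $contents): array
{
    $filter = unserialize($contents);            // no class restriction
    return is_array($filter) ? $filter : [];
}

// Hardened: 'allowed_classes' => false (PHP 7.0+) turns every serialized object
// into __PHP_Incomplete_Class, so no magic methods run. The result is then
// checked to be a flat array of scalar values, which is all a filter needs.
function loadFilterSafe(string $contents): array
{
    $filter = @unserialize($contents, ['allowed_classes' => false]);
    if (!is_array($filter)) {
        return [];                                // not the expected shape
    }
    foreach ($filter as $key => $value) {
        if (!is_string($key) || !is_scalar($value)) {
            return [];                            // nested data or (incomplete) object
        }
    }
    return $filter;
}

// Constructed sample values as they might sit in saved_search.contents.
$legit    = serialize(['name' => 'open-high', 'status' => 'Open']);
$tampered = 'O:8:"stdClass":1:{s:3:"foo";s:3:"bar";}'; // stdClass stands in for any object

var_dump(loadFilterSafe($legit));     // the two-element filter array
var_dump(loadFilterSafe($tampered));  // empty array: the object was refused
```

Storing filters as JSON and reading them with json_decode($contents, true) avoids the serialized-object format entirely and is the stronger fix where the schema allows it.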
How can this vulnerability impact me?
This vulnerability can have a severe impact because it allows an authenticated administrator to execute arbitrary system commands remotely on the affected server.
- High impact on confidentiality, as attackers could access sensitive data.
- High impact on integrity, since attackers can modify or corrupt data.
- High impact on availability, as attackers could disrupt or disable the system.
Overall, this could lead to a full compromise of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unsafe deserialization in SuiteCRM versions up to 8.9.2, specifically in the FilterDefinitionProvider.php file processing the saved_search.contents database column. Detection involves verifying the SuiteCRM version and inspecting the presence of unsafe unserialize() calls on user-controlled data.

To detect if your system is vulnerable, first check the SuiteCRM version:
- Run a command to check the SuiteCRM version, for example, by inspecting the version file or using the application interface.
- Search the codebase for unsafe unserialize() calls in FilterDefinitionProvider.php related to saved_search.contents.

Example commands might include:
- grep -r "unserialize" /path/to/suitecrm/modules/SavedSearch/FilterDefinitionProvider.php
- Check the database for suspicious or unexpected serialized data in the saved_search.contents column.
- Verify if the SuiteCRM version is 8.9.2 or earlier, which are vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade SuiteCRM to version 8.9.3 or later, where this unsafe deserialization vulnerability has been patched.
Additional immediate steps include:
- Restrict administrative access to trusted users only, as exploitation requires authenticated administrator privileges.
- Monitor and audit administrative actions and saved_search.contents database entries for suspicious activity.
- If upgrading immediately is not possible, consider applying temporary controls such as disabling or restricting the SavedSearch filter processing component, though this may impact functionality.