CVE-2026-29096 | SuiteCRM up to 7.15.0/8.9.2 AOR_Reports field_function sql injection (GHSA-vh42-gmqm-q55m)

A vulnerability labeled as critical has been found in SuiteCRM up to 7.15.0/8.9.2. The affected element is an unknown function of the component AOR_Reports Module. Such manipulation of the argument field_function leads to sql injection.

This vulnerability is referenced as CVE-2026-29096. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More