{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T23:28:02.550","vulnerabilities":[{"cve":{"id":"CVE-2026-29107","sourceIdentifier":"security-advisories@github.com","published":"2026-03-19T23:16:43.680","lastModified":"2026-03-24T13:46:52.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with `<img>` tags. When a PDF is exported using this template, the content (for example, `<img src=http://{burp_collaborator_url}>` is rendered server side, and thus a request is issued from the server, resulting in Server-Side Request Forgery. Versions 7.15.1 and 8.9.3 patch the issue."},{"lang":"es","value":"SuiteCRM es una aplicación de software de Gestión de Relaciones con Clientes (CRM) de código abierto y lista para empresas. Antes de las versiones 7.15.1 y 8.9.3, es posible crear plantillas de PDF con etiquetas . Cuando se exporta un PDF usando esta plantilla, el contenido (por ejemplo, ) se renderiza en el lado del servidor y, por lo tanto, se emite una petición desde el servidor, lo que resulta en una falsificación de petición del lado del servidor. Las versiones 7.15.1 y 8.9.3 corrigen el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:*","versionEndExcluding":"7.15.1","matchCriteriaId":"73648654-E7F6-47CF-8E01-19BBFF737C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.9.3","matchCriteriaId":"C7E15DD3-A934-40A2-8B43-ABCCBB53CBCF"}]}]}],"references":[{"url":"https://docs.suitecrm.com/admin/releases/7.15.x","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-g7cv-4ghj-x98h","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}