CVE-2024-36416

HIGH

SuiteCRM < 7.14.4 - Denial of Service via Excessive Logging in v4 API

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-36416. PoCs published by kva55.

AI-analyzed exploit summary The repository contains a Python script that scans for CVE-2024-36416, a DoS vulnerability in SuiteCRM caused by excessive logging. It checks for specific HTTP responses and headers to determine potential vulnerability but does not include functional exploit code.

Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Exploits (1)

nomisec SCANNER
by kva55 · poc
https://github.com/kva55/CVE-2024-36416

The repository contains a Python script that scans for CVE-2024-36416, a DoS vulnerability in SuiteCRM caused by excessive logging. It checks for specific HTTP responses and headers to determine potential vulnerability but does not include functional exploit code.

Classification
Scanner 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: SuiteCRM <=7.14.3, 8.6.0
No auth needed
Prerequisites: Network access to the target SuiteCRM instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.6
EPSS 0.0195
EPSS Percentile 77.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-779
Status published
Products (1)
salesagility/suitecrm < 7.14.4
Published Jun 10, 2024
Tracked Since Feb 18, 2026