CVE-2026-37711

Published May 27th, 2026

View on NVD ↗

CVSS v3

7.3

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php

Dolibarr/dolibarr

Dolibarr ERP CRM is a modern software package to manage your company or foundation's activity (contacts, suppliers, invoices, orders, stocks, agenda, accounting, ...). it's an open source Web application (written in PHP) designed for businesses of any sizes, foundations and freelancers.

GitHub

7.31K