CVE-2026-58376

Dolibarr · Dolibarr ERP/CRM

Dolibarr ERP/CRM is affected by a security vulnerability that may allow unauthorized access or otherwise impact affected systems. Users are advised to check their currently deployed version against the latest vendor security releases.

Executive summary

Dolibarr ERP/CRM contains a high-severity vulnerability that could lead to unauthorized system compromise if left unpatched.

Vulnerability

Public details of this vulnerability are limited, but its disclosure warrants an immediate review of the software's authentication and resource management functions. The vulnerability affects Dolibarr versions up to and including 23.

Business impact

A successful exploit of this vulnerability could lead to unauthorized access to sensitive business data, data exfiltration, or complete system compromise. With a CVSS score of 7.6, the flaw represents a significant risk to the integrity and confidentiality of the ERP/CRM environment and could result in operational downtime or regulatory non-compliance.

Remediation

Immediate Action: Review the latest vendor security advisories and apply the most recent stable update provided by the Dolibarr project.

Proactive Monitoring: Review web server access logs for anomalous request patterns or unauthorized administrative access attempts.

Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rulesets to detect and block common web-based attack vectors targeting the Dolibarr platform.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the CVSS score of 7.6, IT administrators should treat this vulnerability as high priority. Organizations using Dolibarr should audit their current deployments immediately and apply the vendor's patches as soon as they are available to prevent unauthorized access.