Dolibarr Erp Crm
By the Year
In 2026 there have been 3 vulnerabilities in Dolibarr Erp Crm with an average score of 5.0 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 4.97 |
It may take a day or so for new Erp Crm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Dolibarr Erp Crm Security Vulnerabilities
Improper Auth in Dolibarr ERP CRM 23.0.2 Legacy Filemanager
CVE-2026-11619
6.3 - Medium
- June 09, 2026
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.
AuthZ
Dolibarr ERP CRM <23.0.1 Improper Auth in Leave Request REST API
CVE-2026-10215
4.3 - Medium
- June 01, 2026
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 23.0.2 is recommended to address this issue. The identifier of the patch is ee93b6f2f9dd0f6aeefe9d718ab3ab0a44326b73. Upgrading the affected component is advised.
AuthZ
Dolibarr ERP/CRM Auth Bypass via messaging.php ID (23.0.2)
CVE-2026-10154
4.3 - Medium
- May 30, 2026
A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is sufficient to fix this issue. The name of the patch is 119b3606c7a701747a57a1f18b1a9e7666f678e2. It is suggested to upgrade the affected component.
Insecure Direct Object Reference / IDOR