Authorization Bypass in Dolibarr ERP CRM Messaging Function
CVE-2026-10154

5.3MEDIUM

Key Information:

Vendor

Dolibarr

Status
Erp Crm
Vendor
CVE Published:
30 May 2026

What is CVE-2026-10154?

A security vulnerability has been identified in the messaging.php component of Dolibarr ERP CRM versions 23.0.0 through 23.0.2. This vulnerability allows attackers to bypass authorization mechanisms by manipulating the ID argument, which may lead to unauthorized access to sensitive information. Remote exploitation of this issue poses significant risks, making it imperative for users to upgrade to version 23.0.3, which includes a patch to rectify this flaw. Ensuring that your system is updated will help mitigate potential security threats.

Affected Version(s)

ERP CRM 23.0.0

ERP CRM 23.0.1

ERP CRM 23.0.2

References

https://vuldb.com/vuln/367407
vdb-entrytechnical-description
https://vuldb.com/vuln/367407/cti
signaturepermissions-required
https://vuldb.com/submit/818838
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abderrahmane Aksoum (VulDB User)
.