Improper Authorization in Dolibarr ERP CRM Legacy Filemanager Component
CVE-2026-11619

5.3 MEDIUM

Key Information:

Vendor: Dolibarr

Status
Vendor
CVE Published: 9 June 2026

What is CVE-2026-11619?

CVE-2026-11619 is an improper authorization vulnerability in the Legacy Filemanager component of Dolibarr ERP CRM, affecting versions up to 23.0.2. The flaw lies in an unknown function in the file htdocs/core/filemanagerdol/connectors/php/config.inc.php and allows attackers to perform unauthorized actions remotely. The exploit is publicly available and may be leveraged by malicious actors, so users should upgrade to version 23.0.3 to mitigate the risk.

Affected Version(s)

ERP CRM 23.0.0

ERP CRM 23.0.1

ERP CRM 23.0.2

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abderrahmane Aksoum (VulDB User)