Remote Code Execution Vulnerability in Dolibarr ERP/CRM from Dolibarr
CVE-2026-37712

Currently unrated

Key Information:

Vendor

Dolibarr

CVE Published:
27 May 2026

What is CVE-2026-37712?

A vulnerability in Dolibarr ERP/CRM versions 22.0.0 through 22.0.4, as well as version 24.0.0-alpha, allows an unauthenticated remote attacker to execute arbitrary code on the server. The issue stems from improper handling of function calls in the cronjob.class.php file, specifically through the call_user_func_array() function. Exploitation could give an attacker significant unauthorized access to and control over the application, putting sensitive data at risk. Users are advised to update their systems to the latest versions to mitigate this threat.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
