CVE-2026-37713

HIGH EPSS 30.3%

Published May 27, 20261mo ago · Modified Jun 17, 20261w ago

7.3 CVSS 3.1

High

Published May 27, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php.

CVSS Details

Base Score

7.3

Exploitability

3.9

Impact

3.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

30.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 2

bryamzxz.github.io https://bryamzxz.github.io/2026/05/25/dol_eval-five-years/
github.com https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-cq92-jp5j-rwvj

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.