Vulnerability in Dolibarr Erp Crm
CVE-2026-7689
A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results…
EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Dolibarr Erp Crm — versions 23.0.0, 23.0.1, 23.0.2
Weakness classification (CWE)
References
- VDB-360859 | Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification (technical-description, vdb-entry)
- VDB-360859 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #801794 | Dolibarr Dolibarr ERP/CRM 23.0.2 Authentication Bypass Issues (third-party-advisory)
- cna@vuldb.com (exploit)
Frequently asked questions
- What is CVE-2026-7689?
- CVE-2026-7689 is a low-severity vulnerability in Dolibarr Erp Crm, classified under Insufficient Verification of Data Authenticity. CVSS score: 3.7/10. Published 2026-05-03.
- How severe is CVE-2026-7689?
- Low severity. CVSS v3 base score is 3.7 out of 10.