Is there a public PoC exploit available for CVE-2026-7689?

Yes, a public proof-of-concept exploit is available for CVE-2026-7689. Prioritise patching immediately. EPSS: 0.0%.

Dolibarr ERP CRM CVE-2026-7689

Q: What is the CVSS score of CVE-2026-7689?

CVE-2026-7689 has a CVSS 4.0 base score of 2.9 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-26827 LOW

Improper Verification of Cryptographic Signature (CWE-347)

2026-05-03 VulDB

PHP Information Disclosure Jwt Attack

2.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

May 03, 2026 - 10:22 NVD

3.7 (LOW) 2.9 (LOW)

PoC Detected

May 03, 2026 - 10:16 vuln.today

Public exploit code

Analysis Generated

May 03, 2026 - 10:15 vuln.today

EUVD ID Assigned

May 03, 2026 - 09:45 euvd

EUVD-2026-26827

Analysis Generated

May 03, 2026 - 09:45 vuln.today

CVE Published

May 03, 2026 - 09:30 nvd

LOW 2.9

DescriptionNVD

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper cryptographic signature verification in Dolibarr ERP CRM up to version 23.0.2 allows remote attackers to bypass signature validation in the Online Signature Module, potentially forging or manipulating signed transactions. The vulnerability affects the dol_verifyHash function and has been publicly disclosed with exploit code available, though exploitation requires high technical complexity and is not confirmed as actively exploited in production environments.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7689 vulnerability details – vuln.today

Back