Is Dolibarr ERP affected by EUVD-2026-24135?

Dolibarr ERP versions 22.0.4 and earlier contain a remote code execution vulnerability affecting any organization with deployed instances and users holding PHP content editing permissions in the Website module.

Dolibarr ERP EUVD-2026-24135

| CVE-2026-31019 HIGH

OS Command Injection (CWE-78)

2026-04-21 mitre

GHSA-j2g9-rprv-hrhc

PHP Command Injection RCE N A

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 21, 2026 - 19:23 vuln.today

CVSS changed

Apr 21, 2026 - 19:22 NVD

8.8 (None) 8.8 (HIGH)

DescriptionNVD

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code execution with the ability to execute arbitrary operating system commands on the server.

AnalysisAI

Remote code execution in Dolibarr ERP 22.0.4 and earlier allows authenticated users with PHP content editing permissions to execute arbitrary OS commands on the server. The vulnerability stems from a bypassable blacklist-based filter for dangerous PHP functions in the Website module. …

RemediationAI

Within 24 hours: Inventory all Dolibarr ERP deployments and identify users with PHP content editing permissions in the Website module; immediately revoke these permissions for all non-essential accounts. Within 7 days: Contact Dolibarr vendor for patch timeline; implement network-level restrictions limiting Website module access to administrative IP ranges only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-24135 vulnerability details – vuln.today

Back

Dolibarr ERP EUVD-2026-24135

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code