PatchSiren cyber security CVE debrief
CVE-2026-11619 Dolibarr CVE debrief
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d.
- Vendor: Dolibarr
- Product: ERP CRM
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of Dolibarr ERP CRM up to version 23.0.2 should be aware of this vulnerability and take steps to upgrade to version 23.0.3.
Technical summary
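The vulnerability is an improper authorization flaw in the Legacy Filemanager component, in the file htdocs/core/filemanagerdol/connectors/php/config.inc.php. It can be exploited remotely, and an exploit is publicly available. It has a CVSS score of 2.1 and is classified as LOW severity.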
Defensive priority
Low
Recommended defensive actions
- Upgrade to version 23.0.3 of Dolibarr ERP CRM to resolve this issue.
- Apply the patch with identifier f1b2dd6481e22cacb561d29ffdcd3a50b618479d.
Evidence notes
The CVE record and NVD detail can be found at [cve.org](https://www.cve.org/CVERecord?id=CVE-2026-11619) and [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-11619). Additional information can be found in the [Dolibarr 23.0.3 release](https://github.com/Dolibarr/dolibarr/releases/tag/23.0.3), the [patch commit f1b2dd6481e22cacb561d29ffdcd3a50b618479d](https://github.com/dolibarr/dolibarr/commit/f1b2dd6481e22cacb561d29ffdcd3a50b618479d), and the [VulDB entry](https://vuldb.com/cve/CVE-2026-11619).
Official resources
CVE-2026-11619 was published on 2026-06-09T03:16:25.877Z and modified on 2026-06-09T16:16:38.877Z.