CVE-2026-31019 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: April 21, 2026
Dolibarr ERP & CRM - Remote Code Execution
Overview
Dolibarr ERP & CRM <= 22.0.4 contains a remote code execution vulnerability in the Website module. The module relies on blacklist-based filtering of dangerous PHP functions, and that filtering can be bypassed, letting authenticated users with edit permissions execute arbitrary OS commands.
Impact
Authenticated users with edit permissions can execute arbitrary OS commands, leading to full remote code execution on the server.
Mitigation
Update to the latest version beyond 22.0.4.
Social Media Activity (2 posts)
CVE-2026-31019 - High (8.8) In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can byp... https://www.thehackerwire.com/vulnerability/CVE-2026-31019/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-31019
- Severity: High
- CVSS Score: 8.8
- Type: command_injection
- Status: unconfirmed
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H