CVE-2026-31019
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP funct
CVSS
8.8
High
EPSS
0.6%
p43
KEV
—
Exploit Today
13
0-100
Published: Apr 21, 2026 · Last modified: Jul 5, 2026 · CWE-78
0.6%EPSS · 30 days0.6%
2026-06-302026-07-17
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code execution with the ability to execute arbitrary operating system commands on the server.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2024-121210.0 CRI99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability4dCVE-2026-398089.8 CRI99.7%
KEV—80Fortinet FortiSandbox OS Command Injection Vulnerability1dCVE-2022-262589.8 CRI99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability9dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2021-252988.8 HIG99.5%
KEV—80Nagios XI OS Command Injection9d