External risk intelligence

Dolibarr ERP CRM Authorization Bypass Vulnerability

CVE advisory

Severity: MEDIUM (CVSS 5.3)

CVE-2026-10154

A vulnerability in Dolibarr ERP CRM allows for remote authorization bypass by manipulating an ID argument in the user messaging function. This could lead to unauthorized access to systems and data. Upgrading the software resolves this issue.

Halo Surface Signal: 4

External exposure likelihood

Halo Surface Signal score for CVE-2026-10154

Dolibarr is a web-based ERP/CRM application commonly deployed as a public-facing web service to facilitate remote access for business users. The vulnerability exists within a web-accessible script, making it reachable in typical internet-facing web application deployments.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified within the Dolibarr ERP CRM application. The flaw is located in a function that handles user messaging. This weakness could permit unauthorized access to the system.

  • Vulnerable component: Dolibarr ERP CRM messaging function
  • Core weakness: Authorization bypass via ID manipulation
  • Main business impact: Unauthorized system access

Attack Path

How an attacker could exploit the issue

A vulnerability in Dolibarr ERP CRM allows for authorization bypass through manipulation of an ID argument. This issue is accessible remotely, meaning an attacker does not need direct access to the affected organization's internal systems to exploit it. The organization's systems, data, and employees could be impacted by unauthorized access.

  • An exposed function is accessible.
  • An attacker gains access remotely.
  • Attacker manipulates ID for bypass.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Dolibarr ERP CRM allows for unauthorized access to user messaging functions. Attackers can exploit this by manipulating an ID argument in a specific file, potentially leading to unauthorized data exposure or modification. Remediation involves upgrading to a corrected version of the software.

  • Likely attacker skill level: Low
  • Required access or conditions: Remote, unauthenticated
  • Business risk or urgency: Medium

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A vulnerability has been identified in Dolibarr ERP CRM that could allow unauthorized access due to manipulation of an argument in a specific file. This issue can be exploited remotely, posing a potential risk to business operations and sensitive data. Addressing this vulnerability involves upgrading the affected component to a secure version.

  • Find assets using the affected component.
  • Isolate affected systems if immediate upgrade is not possible.
  • Upgrade, verify the fix, and monitor for related issues.
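The first and third actions above reduce to an inventory question: which hosts run a Dolibarr build older than the fixed release named later on this page (23.0.3)? The following is an added example, not a tool from the page or from the Dolibarr project. It compares versions numerically rather than as strings (a string comparison would wrongly rank "23.0.10" below "23.0.3") and runs over a constructed inventory; the inventory format and the tolerated "-suffix" on version strings are assumptions.

```python
"""Triage helper (added example): list hosts whose Dolibarr version is below the fixed release."""

# Fixed release stated on the page: 23.0.3 or later contains the fix.
FIXED_VERSION = (23, 0, 3)


def parse_version(version: str) -> tuple:
    """Turn '23.0.2' into (23, 0, 2) so comparison is numeric per component.

    A trailing packaging suffix such as '23.0.2-1' is ignored (assumption about
    how a site might record versions; Dolibarr itself is not being described here).
    """
    core = version.strip().split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def needs_upgrade(version: str) -> bool:
    """True when the version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


def affected_hosts(inventory: list) -> list:
    """Return the hostnames from an (host, version) inventory that still need the upgrade."""
    return sorted(host for host, version in inventory if needs_upgrade(version))


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("erp-prod.example.internal", "23.0.2"),
    ("erp-staging.example.internal", "23.0.3"),
    ("erp-legacy.example.internal", "22.0.1-1"),
    ("erp-new.example.internal", "23.0.10"),
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to 23.0.3 or later")
```

Hosts that are listed but cannot be upgraded immediately are the ones the "isolate" step applies to; re-running the check after the upgrade is the verification step.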

Frequently asked questions

What is Dolibarr ERP CRM and what is it used for?

Dolibarr ERP CRM is a web-based software package used for business management. People use it to handle customer relationships, manage projects, track sales, and more, making it a central tool for running a company's operations.

How does CVE-2026-10154 grant unauthorized access?

CVE-2026-10154 is an authorization bypass vulnerability. Attackers can exploit it by manipulating an ID argument in the messaging.php file, which allows them to access functions they should not have permission for.
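The weakness described above is the classic object-reference mistake: a handler looks up a record by a client-supplied ID and returns it without confirming that the caller is entitled to that particular record. The block below is an added illustration written for this page; it is not Dolibarr's code and does not reproduce the actual messaging.php logic. It shows the unchecked lookup beside a hardened handler that authenticates, validates the ID, and then authorizes against the record's participants. The message store, user model, and the "id" parameter name are constructed assumptions.

```python
"""Added example: unchecked vs. authorized lookup of a message by ID (not Dolibarr code)."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False


@dataclass(frozen=True)
class Message:
    id: int
    sender_id: int
    recipient_id: int
    body: str


# Constructed sample data standing in for the application's message table.
MESSAGES = {
    1: Message(1, sender_id=10, recipient_id=20, body="invoice draft"),
    2: Message(2, sender_id=30, recipient_id=40, body="payroll question"),
}


def fetch_message_unchecked(current_user: Optional[User], msg_id: int) -> Optional[Message]:
    """Vulnerable pattern: whatever ID the client sends is looked up and returned.

    Nothing ties the record to the caller, so changing the ID changes which
    record comes back. The current_user argument is accepted but never consulted.
    """
    return MESSAGES.get(msg_id)


def can_read(user: User, msg: Message) -> bool:
    """Authorization rule (assumed for the example): participants and admins only."""
    return user.is_admin or user.id in (msg.sender_id, msg.recipient_id)


def fetch_message_checked(current_user: User, msg_id: int) -> Optional[Message]:
    """Hardened pattern: load the record, then require that the caller may read it.

    Unknown IDs and unauthorized IDs both return None, so the caller cannot
    distinguish "does not exist" from "exists but is not yours".
    """
    msg = MESSAGES.get(msg_id)
    if msg is None or not can_read(current_user, msg):
        return None
    return msg


def handle_request(session_user: Optional[User], params: dict) -> Tuple[int, Optional[Message]]:
    """Simulated handler: authenticate, validate the ID, then authorize.

    Returns (HTTP status, message or None). The "id" parameter name is an assumption.
    """
    if session_user is None:
        return 401, None          # unauthenticated callers never reach the lookup
    try:
        msg_id = int(params.get("id", ""))
    except ValueError:
        return 400, None          # reject malformed IDs before touching the store
    msg = fetch_message_checked(session_user, msg_id)
    if msg is None:
        return 404, None          # same answer for "not found" and "not permitted"
    return 200, msg


if __name__ == "__main__":
    stranger = User(id=99)
    print("unchecked:", fetch_message_unchecked(stranger, 2))   # record leaks
    print("checked:  ", fetch_message_checked(stranger, 2))     # None
    print("handler:  ", handle_request(User(id=30), {"id": "2"})[0])  # 200 for a participant
```

The ordering in handle_request is the point: authentication establishes who is asking, input validation bounds what an ID can be, and the per-record authorization check is what actually closes the bypass. Adding only the first two would still leave any logged-in user able to read any message.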

What conditions are needed to exploit CVE-2026-10154?

An attacker can exploit this vulnerability remotely without needing any authentication. The primary precondition is the ability to send a crafted request to the affected messaging function, manipulating the ID parameter.

Who should be concerned about this CVE-2026-10154 threat?

Organizations running an instance of Dolibarr ERP CRM that is reachable from the internet should be concerned. Because the vulnerability can be exploited remotely, it poses a risk to every internet-facing instance of the software.

What is the first step to address CVE-2026-10154?

The recommended first step is to upgrade Dolibarr ERP CRM to version 23.0.3 or later. This upgrade contains the necessary fix to prevent exploitation of the authorization bypass vulnerability.
