PT-2026-36693 · Unknown · Dolibarr Erp/Crm

Yan1451 · Published 2026-05-03 · Updated 2026-05-03 · CVE-2026-7689

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Dolibarr ERP CRM versions prior to 23.0.3

Description

A flaw in the Online Signature Module allows for improper verification of cryptographic signatures. This issue occurs within the dol_verifyHash() function located in the htdocs/core/lib/security.lib.php library. A remote attacker can exploit this weakness, although the attack is considered highly complex and difficult to execute.

Recommendations

Update to a version later than 23.0.2. As a temporary workaround, restrict access to the dol_verifyHash() function in the htdocs/core/lib/security.lib.php library to minimize the risk of exploitation.

Exploit

Fix

Insufficient Verification of Data Authenticity

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

CVE-2026-7689
GHSA-JGGH-5RMH-R6H5

Affected Products

Dolibarr Erp/Crm