Platform: php
Component: dolibarr
Fixed version: 23.0.2
CVE-2026-22666 describes a remote code execution (RCE) vulnerability affecting Dolibarr ERP/CRM versions from 0.0.0 through 23.0.2. The vulnerability arises from insufficient input validation within the dol_eval_standard() function, allowing attackers to bypass security measures and execute arbitrary commands. Successful exploitation requires administrator privileges and can lead to complete system compromise. A patch is available in version 23.0.2.
The impact of CVE-2026-22666 is significant due to its potential for remote code execution. An attacker with administrator access can leverage this vulnerability to execute arbitrary commands on the server hosting Dolibarr. This could involve data exfiltration, modification of sensitive data, installation of malware, or complete system takeover. The ability to bypass validation through computed extrafields makes exploitation relatively straightforward for skilled attackers. The blast radius extends to all data stored within the Dolibarr instance and potentially to other systems accessible from the compromised server, depending on the attacker's actions following initial access. This vulnerability shares similarities with other PHP code injection flaws where improper sanitization of user-supplied data leads to arbitrary code execution.
CVE-2026-22666 was publicly disclosed on 2026-04-07. Its inclusion in the CISA KEV catalog is pending. Currently, no public proof-of-concept (PoC) exploits have been widely reported, but the vulnerability's ease of exploitation suggests it may become a target for opportunistic attackers. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations heavily reliant on Dolibarr ERP/CRM for critical business processes are particularly at risk. Those running legacy installations or with limited security expertise are also more vulnerable. Shared hosting environments where multiple users share the same server instance are at increased risk, as a compromise of one user's Dolibarr installation could potentially affect others.
• php: Examine Dolibarr logs for unusual PHP function calls, especially within the dol_eval_standard() function. Look for patterns indicative of code injection attempts.
  grep -i 'dol_eval_standard' /path/to/dolibarr/log/error.log
• generic web: Monitor access logs for requests containing suspicious characters or patterns that might indicate an attempt to inject PHP code.
  grep -i 'eval(' /path/to/dolibarr/access.log
• generic web: Check response headers for unexpected content or error messages that could indicate successful code execution.
• linux / server: Use lsof to identify any unexpected PHP processes running with elevated privileges (pgrep -d, builds the comma-separated PID list that lsof -p expects when more than one process matches).
  lsof -p "$(pgrep -d, -f 'php.*dolibarr')"
EPSS: 0.15% (36th percentile)
The primary mitigation for CVE-2026-22666 is to immediately upgrade Dolibarr ERP/CRM to version 23.0.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to administrative functions and carefully review any computed extrafields or evaluation paths for potential vulnerabilities. Implement a Web Application Firewall (WAF) with rules to detect and block attempts to inject PHP code through user input. Monitor Dolibarr logs for suspicious activity, particularly any attempts to execute commands or access sensitive files. After upgrading, confirm the fix by attempting to trigger the vulnerable function with a known malicious payload and verifying that it is properly blocked.
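As an added example (not code from the advisory or from the Dolibarr project), a small Python helper that applies the two checks above: it flags an installed Dolibarr version below the fixed release named here, 23.0.2, and scans access-log lines for the indicators listed in the detection section after percent-decoding them, so an encoded request cannot slip past a literal grep. The indicator list and the log lines are constructed for this example and are not real Dolibarr output.

```python
import re
from urllib.parse import unquote

FIXED_VERSION = (23, 0, 2)  # fixed release named in the advisory above


def parse_version(text):
    """Turn 'v23.0.1' or '23.0.1-rc' into a comparable tuple of ints."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Dolibarr version string: {text!r}")
    return tuple(int(x or 0) for x in m.groups())


def is_affected(version):
    """True when the installed version predates the fixed release."""
    return parse_version(version) < FIXED_VERSION


# Indicators from the detection section (assumed patterns, not Dolibarr's own).
INDICATORS = ("dol_eval_standard", "eval(")


def find_suspicious(log_lines):
    """Return (line_no, indicator, line) for every percent-decoded line that hits."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        decoded = unquote(line).lower()
        for ind in INDICATORS:
            if ind in decoded:
                hits.append((n, ind, line.rstrip()))
                break
    return hits


# Constructed sample access-log lines; the second one is percent-encoded.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [07/Apr/2026:10:00:01] "GET /dolibarr/index.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Apr/2026:10:00:07] "GET /dolibarr/index.php?q=%65val%28 HTTP/1.1" 302 0',
    '10.0.0.5 - - [07/Apr/2026:10:00:09] "GET /dolibarr/societe/card.php?id=3 HTTP/1.1" 200 9021',
]

if __name__ == "__main__":
    for v in ("22.0.5", "23.0.1", "23.0.2", "v23.1.0"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for n, ind, line in find_suspicious(SAMPLE_ACCESS_LOG):
        print(f"line {n}: matched {ind!r}: {line}")
```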
Upgrade Dolibarr ERP/CRM to version 23.0.2 or later to mitigate the remote code execution vulnerability. The update fixes the flaw in the dol_eval_standard() function that allowed malicious code to be injected through computed extra fields.
CVE-2026-22666 is a remote code execution vulnerability in Dolibarr ERP/CRM versions 0.0.0–23.0.2, allowing attackers with admin access to execute arbitrary commands.
If you are running Dolibarr ERP/CRM versions 0.0.0 through 23.0.2, you are potentially affected by this vulnerability.
Upgrade Dolibarr ERP/CRM to version 23.0.2 or later to remediate the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests it may become a target for attackers.
Refer to the official Dolibarr security advisory for detailed information and updates: [https://www.dolibarr.org/security/](https://www.dolibarr.org/security/)