CVE-2026-11619
MEDIUMDescription
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.
How to fix
No published remediation has been found for this vulnerability's affected products yet.
Mitigation guidance may be in the linked vendor advisories in the References section below.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploit Intelligence
Low risk: more likely to be exploited than 11% of all known CVEs.
References
Embed a live status badge for CVE-2026-11619
Markdown
[](https://tridentstack.com/cve/CVE-2026-11619)HTML
<a href="https://tridentstack.com/cve/CVE-2026-11619"><img src="https://tridentstack.com/cve/badge/CVE-2026-11619.svg" alt="CVE-2026-11619"></a>Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-09.