An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/37xxx/CVE-2026-37711.json",
"cna_assigner": "mitre"
}