An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/37xxx/CVE-2026-37713.json",
"cna_assigner": "mitre"
}