UBUNTU-CVE-2026-10154

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-10154

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10154.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-10154

Upstream

CVE-2026-10154

Published

2026-06-01T00:00:00Z

Modified

2026-06-01T10:15:51.609315300Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is sufficient to fix this issue. The name of the patch is 119b3606c7a701747a57a1f18b1a9e7666f678e2. It is suggested to upgrade the affected component.

References

Affected packages

Ubuntu:16.04:LTS / dolibarr

Package

Name: dolibarr
Purl: pkg:deb/ubuntu/dolibarr?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.5+dfsg1-2

3.5.7+dfsg1-1

3.5.8+dfsg1-1

3.5.8+dfsg1-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.5.8+dfsg1-1ubuntu1",
            "binary_name": "dolibarr"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10154.json"