CVE-2026-34036

MEDIUM

Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

Title source: cna

Description

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs…). At the time of publication, there are no publicly available patches.

Exploits (1)

nomisec WORKING POC
by cnf409 · poc
https://github.com/cnf409/CVE-2026-34036

Scores

CVSS v3 6.5
EPSS 0.0003
EPSS Percentile 9.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-98
Status published
Products (3)
dolibarr/dolibarr (Packagist)
Dolibarr/dolibarr <= 22.0.4
dolibarr/dolibarr_erp/crm < 22.0.4
Published Mar 31, 2026
Tracked Since Mar 31, 2026