CVE-2026-58376 Dolibarr - SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints

🗓️ 30 Jun 2026 15:59:10Reported by VulnCheckType

Dolibarr 23.0.3 suffers SQL injection via sqlfilters in REST endpoints, enabling data exfiltration by authenticated users.

Reporter	Title	Published	Views	Family All 7
ATTACKERKB	CVE-2026-58376	30 Jun 202615:59	–	attackerkb
Circl	CVE-2026-58376	30 Jun 202618:30	–	circl
CVE	CVE-2026-58376	30 Jun 202615:59	–	cve
EUVD	EUVD-2026-40363	30 Jun 202615:59	–	euvd
NVD	CVE-2026-58376	30 Jun 202617:16	–	nvd
Positive Technologies	PT-2026-53933	30 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-58376 Dolibarr - SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints	30 Jun 202615:59	–	vulnrichment

[
  {
    "vendor": "Dolibarr",
    "product": "dolibarr",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "semver",
        "lessThanOrEqual": "23.0.3"
      },
      {
        "status": "unaffected",
        "version": "14db36e8486ef725b0d493d97abb2950a54358d3",
        "versionType": "git"
      }
    ],
    "repo": "https://github.com/Dolibarr/dolibarr"
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/dolibarr-sql-injection-via-sqlfilters-parameter-in-multiple-rest-api-list-endpoints
github	www.github.com/Dolibarr/dolibarr/pull/38794
github	www.github.com/Dolibarr/dolibarr/issues/38768
github	www.github.com/Dolibarr/dolibarr/commit/14db36e8486ef725b0d493d97abb2950a54358d3

30 Jun 2026 15:59Current

CVSS 47.2

CVSS 3.17.6

CWE-89