CVE-2026-10215 | Dolibarr ERP CRM up to 23.0.1 Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization (Issue 37752)
A vulnerability was found in Dolibarr ERP CRM up to 23.0.1 and has been rated as critical. It affects the function checkUserAccessToObject in the file htdocs/holiday/class/api_holidays.class.php of the Leave Request REST API component. The manipulation leads to improper authorization.
This vulnerability is listed as CVE-2026-10215. The attack may be initiated remotely. In addition, an exploit is available.
Upgrading the affected component is advised.