Dolibarr 23.0.0: PHP eval() whitelist bypass → RCE via two bugs (CVE-2026-22666)

Y	Hacker News new \| ask \| show \| jobs

	Dolibarr 23.0.0: PHP eval() whitelist bypass → RCE via two bugs (CVE-2026-22666) (jivasecurity.com)
	2 points by jiva 65 days ago

1 comments

Root cause analysis and full PoC. Coordinated disclosure — patch is available as of 4/4/2026