CVE-2026-7689 Overview
CVE-2026-7689 is an improper cryptographic signature verification flaw in Dolibarr ERP CRM versions up to 23.0.2. The defect resides in the dol_verifyHash function within htdocs/core/lib/security.lib.php, which is invoked by the Online Signature Module. An unauthenticated remote attacker can attempt to bypass signature validation, though successful exploitation is described as highly complex. A public proof-of-concept has been released. The vendor was contacted before disclosure but did not respond. The weakness is classified under CWE-345 (Insufficient Verification of Data Authenticity).
Critical Impact
Remote attackers may bypass cryptographic signature verification in the Online Signature Module, undermining integrity guarantees for signed records in Dolibarr deployments running version 23.0.2 or earlier.
Affected Products
- Dolibarr ERP CRM versions up to and including 23.0.2
- htdocs/core/lib/security.lib.php library — dol_verifyHash function
- Online Signature Module component
Discovery Timeline
- 2026-05-03 - CVE-2026-7689 published to NVD
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-7689
Vulnerability Analysis
The flaw arises in dol_verifyHash, the routine Dolibarr uses to confirm that a provided value matches an expected cryptographic hash or signature. The function is consumed by the Online Signature Module, which records signatures applied to business documents such as quotes, orders, and contracts. Improper verification at this layer means a crafted input can be accepted as valid even when it does not authentically correspond to the signing key or hash.
The issue is reachable over the network without authentication or user interaction. The advisory nonetheless rates attack complexity as high, and the recorded EPSS score of 0.008% is a low estimated probability that the flaw will be exploited in the wild, not a count of observed attacks. Impact is limited to the integrity of signature data; confidentiality and availability are not affected according to the published vector. A public proof-of-concept exists on GitHub Gist, which raises the likelihood that opportunistic attackers will try the technique against exposed instances.
Root Cause
The root cause is insufficient verification logic inside dol_verifyHash: the function does not enforce the strict cryptographic equivalence required when comparing supplied authentication material to stored values, so certain inputs are treated as valid signatures. This maps directly to CWE-345, where the application trusts data without proving its authenticity.
Attack Vector
An attacker reaches the Online Signature Module endpoint over the network and submits a request that triggers dol_verifyHash. By manipulating the parameters consumed by the verification routine, the attacker can cause the function to return a positive result for content that was not legitimately signed. Because the attack complexity is high, exploitation likely requires precise knowledge of internal hash formats and request structure documented in the published proof-of-concept on GitHub Gist.
No verified exploit code is reproduced here. See the VulDB entry #360859 for the publicly tracked technical writeup.
Detection Methods for CVE-2026-7689
Indicators of Compromise
- Unexpected requests targeting Online Signature Module routes such as /public/onlinesign/ or controllers calling dol_verifyHash
- Successful signature validation events for documents whose audit history shows no legitimate signer interaction
- Repeated 200 responses to anomalous parameter combinations against signature endpoints from unfamiliar source addresses
Detection Strategies
- Enable verbose logging on the Online Signature Module and forward access logs to a centralized analytics tier for review
- Compare signed document hashes against application audit trails to surface mismatches between recorded signers and underlying record state
- Alert on requests to signature endpoints whose parameters do not match the shapes the application itself generates (for example, hash values of unexpected length or character set, or missing or duplicated parameters), especially from unauthenticated sessions
Monitoring Recommendations
- Monitor web server access logs for traffic patterns matching the published proof-of-concept request flow
- Track database modifications to signature tables and correlate with corresponding HTTP requests
- Review inbound traffic to internet-exposed Dolibarr instances for reconnaissance against core library paths; htdocs is the document root, so htdocs/core/ appears as /core/ in request URIs
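A log-triage script for the indicators and monitoring points in the three lists above (Indicators of Compromise, Detection Strategies, Monitoring Recommendations), added here as an example. It is not Dolibarr code and not the published proof-of-concept: the route prefix /public/onlinesign/ is taken from the indicator list, while the script name, parameter names, repeat threshold and log lines are constructed assumptions, and the input format assumed is the common combined access-log format.

```php
<?php
// Added log-triage example for the detection guidance above. Not Dolibarr code
// and not the published PoC: the route prefix comes from the IoC list on this
// page; the threshold, script/parameter names and log lines are assumptions.

declare(strict_types=1);

const SIGNATURE_ROUTE_PREFIX = '/public/onlinesign/'; // from the IoC list above
const REPEAT_THRESHOLD = 3;                           // assumed tuning value

/**
 * Parse one combined-format access-log line (Apache/nginx default) into
 * source IP, timestamp, method, path, query parameters and status.
 * Returns null for lines that do not match the format.
 */
function parseAccessLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $parts  = parse_url($m[4]) ?: [];
    $params = [];
    parse_str($parts['query'] ?? '', $params);
    return [
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => $parts['path'] ?? $m[4],
        'params' => $params,
        'status' => (int) $m[5],
    ];
}

/**
 * Group successful (HTTP 200) requests to the signature route by source
 * address and report sources that repeat past the threshold, together with
 * how many distinct parameter sets they sent. A single source cycling through
 * parameter variants against a verification routine is the probing pattern
 * the indicator list describes.
 */
function findSuspiciousSources(array $lines, int $threshold = REPEAT_THRESHOLD): array
{
    $perSource = [];
    foreach ($lines as $line) {
        $r = parseAccessLogLine($line);
        if ($r === null || $r['status'] !== 200) {
            continue;
        }
        if (strncmp($r['path'], SIGNATURE_ROUTE_PREFIX, strlen(SIGNATURE_ROUTE_PREFIX)) !== 0) {
            continue;
        }
        $perSource[$r['ip']][] = $r['params'];
    }

    $flagged = [];
    foreach ($perSource as $ip => $paramSets) {
        if (count($paramSets) >= $threshold) {
            $flagged[$ip] = [
                'requests'            => count($paramSets),
                'distinct_param_sets' => count(array_unique(array_map('serialize', $paramSets))),
            ];
        }
    }
    return $flagged;
}

// Constructed sample lines (not captured traffic): one legitimate signer and
// one source repeatedly hitting the route with changing parameters.
$sampleLog = [
    '198.51.100.20 - - [03/May/2026:09:12:44 +0000] "GET /public/onlinesign/sign.php?ref=CT-0042&hash=6d2c HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [03/May/2026:09:40:01 +0000] "GET /public/onlinesign/sign.php?ref=CT-0042&hash=aaaa HTTP/1.1" 200 4821 "-" "curl/8.4.0"',
    '203.0.113.7 - - [03/May/2026:09:40:02 +0000] "GET /public/onlinesign/sign.php?ref=CT-0042&hash=bbbb HTTP/1.1" 200 4821 "-" "curl/8.4.0"',
    '203.0.113.7 - - [03/May/2026:09:40:03 +0000] "GET /public/onlinesign/sign.php?ref=CT-0042&hash=cccc HTTP/1.1" 200 4821 "-" "curl/8.4.0"',
    '203.0.113.7 - - [03/May/2026:09:40:04 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "curl/8.4.0"',
];

print_r(findSuspiciousSources($sampleLog));
```

Run it with `php triage.php` against a real access log by replacing `$sampleLog` with `file('/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES)`. With the constructed lines, only 203.0.113.7 is reported: three successful requests to the signature route, each with a different parameter set, while the single legitimate request from 198.51.100.20 stays below the threshold. The threshold and the "distinct parameter sets" count are the knobs to tune once you know what normal signer traffic looks like on your instance.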
How to Mitigate CVE-2026-7689
Immediate Actions Required
- Inventory all Dolibarr ERP CRM deployments and identify any instance running version 23.0.2 or earlier
- Restrict network access to the Online Signature Module from untrusted networks until a fix is applied
- Audit existing signature records for entries that cannot be reconciled with legitimate user activity
Patch Information
No official vendor patch is referenced in the published advisory at the time of this writing. The vendor did not respond to disclosure attempts. Track the VulDB Vulnerability #360859 record and the upstream Dolibarr project for security release announcements, and apply the next available update that explicitly addresses dol_verifyHash.
Workarounds
- Place the application behind a reverse proxy or web application firewall and block requests targeting the Online Signature Module from unauthenticated sources
- Disable the Online Signature Module if it is not required for business operations
- Apply local code review to htdocs/core/lib/security.lib.php and harden dol_verifyHash to enforce strict comparison and reject malformed inputs
- Require additional out-of-band confirmation, such as email verification, before signature events are committed as authoritative
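An illustration of the "harden dol_verifyHash to enforce strict comparison and reject malformed inputs" workaround above, added here as an example. This is not Dolibarr's code and not the vendor fix: the function names are hypothetical, the real dol_verifyHash signature and stored-hash formats are not reproduced, the digest shape (fixed-length hex) is assumed, and the loose-comparison variant shows the general CWE-345 pitfall of non-strict comparison in PHP, not a reproduction of the reported defect.

```php
<?php
// Added illustration of the "harden dol_verifyHash" workaround above. Not
// Dolibarr code and not the vendor fix: function names are hypothetical, the
// digest format is assumed, and verifyHashLoose shows the general PHP loose-
// comparison pitfall, not the reported defect.

declare(strict_types=1);

/**
 * Comparison pattern to avoid. PHP's == applies type juggling, so two
 * numeric-looking digests such as "0e123..." and "0e456..." compare equal
 * (both evaluate to float 0) even though they are different strings.
 */
function verifyHashLoose(string $chain, string $storedHash): bool
{
    return md5($chain) == $storedHash;
}

/**
 * Hardened check: validate the stored value's shape before anything else,
 * recompute with an explicit algorithm, normalise case, and compare with
 * hash_equals(), which is strict (byte-identical or false) and does not leak
 * the position of the first mismatch through timing.
 */
function verifyHashStrict(string $chain, string $storedHash, string $algo = 'sha256'): bool
{
    $expectedLen = strlen(hash($algo, ''));
    if (strlen($storedHash) !== $expectedLen || !ctype_xdigit($storedHash)) {
        return false; // malformed: wrong length or non-hex characters
    }
    $computed = hash($algo, $chain);
    return hash_equals($computed, strtolower($storedHash));
}

/**
 * Dispatcher for stored values of more than one shape (assumed layout): a
 * "$"-prefixed password_hash() string goes to password_verify(), which is
 * already strict and constant-time; anything else must be a well-formed
 * digest. Values matching neither shape are rejected rather than guessed at.
 */
function verifyStoredCredential(string $chain, string $stored): bool
{
    if ($stored !== '' && $stored[0] === '$') {
        return password_verify($chain, $stored);
    }
    return verifyHashStrict($chain, $stored);
}

// Constructed inputs, not Dolibarr data. The two md5 digests are the
// well-known "magic" values md5('QNKCDZO') and md5('240610708'); both are
// "0e" followed only by digits, so PHP treats them as numeric strings.
$payload = 'contract:CT-0042:signer@example.invalid';
$digest  = hash('sha256', $payload);

var_dump(verifyHashLoose('QNKCDZO', '0e462097431906509019562988736854'));
var_dump(verifyHashStrict('QNKCDZO', '0e462097431906509019562988736854', 'md5'));
var_dump(verifyHashStrict($payload, $digest));
var_dump(verifyHashStrict($payload, strtoupper($digest)));
var_dump(verifyHashStrict($payload, 'not-a-digest'));
var_dump(verifyHashStrict($payload . 'x', $digest));
var_dump(verifyStoredCredential('s3cret', password_hash('s3cret', PASSWORD_DEFAULT)));
```

With these inputs the loose variant accepts the mismatched magic-digest pair because md5('QNKCDZO') and md5('240610708') both become 0 under numeric comparison, while the strict variant rejects it; the strict routine accepts the correct sha256 digest in either case, and rejects a malformed value, an empty value and a digest computed over different data. When reviewing the real function, the points to check are the same three: does it validate the stored value's shape, does it compare with hash_equals() or password_verify() rather than == or ===, and does it fail closed on anything it does not recognise.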
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.