[CRITICAL] Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

PKSA-ncsd-s9tq-7bj2 CVE-2026-23500 GHSA-w5j3-8fcr-h87w

Affected package: dolibarr/dolibarr

Affected version: <=22.0.4

Reported by:
GitHub