CVE-2026-27471

Critical CVSS: 9.3

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.

Vendor

Frappe

Product

Erpnext

CWE

CWE-284

Yayın Tarihi

2026-02-21 07:16:13

Güncelleme

2026-02-24 14:52:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Erpnext CRITICAL Frappe 2026

Referanslar

https://github.com/frappe/erpnext/commit/78fc9424d9085c2eafe1211931e22d7044f85fc7 https://github.com/frappe/erpnext/security/advisories/GHSA-wpfx-jw7g-7f83

Benzer Kayıtlar

Medium

CVE-2026-34606

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27…

High

CVE-2026-32954

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpo…

Critical

CVE-2026-31877

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a ce…

Medium

CVE-2026-31878

Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a…

Medium

CVE-2026-31879

Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation…

Medium

CVE-2026-28436

Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted…