CVE-2026-27471

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.

Vulnerability Details

Published Date

February 21, 2026

Last Modified

February 24, 2026

CWE ID

CWE-284

Source

NVD

Vendor

frappe

Product

erpnext

External References

https://github.com/frappe/erpnext/commit/78fc9424d9085c2eafe1211931e22d7044f85fc7
https://github.com/frappe/erpnext/security/advisories/GHSA-wpfx-jw7g-7f83

CVE-2026-27471

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment