CVE-2026-55242
HIGH SEVERITYCVSS Score & Metrics
Base Score
8.8 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Description
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's normal permission scope. This issue is fixed in versions 15.111.0 and 16.22.0.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-863
Source
NVD
Vendor
frappe
Product
erpnext
Discussion (0)
Add Comment
No comments yet. Be the first!