Back to CVE List

CVE-2026-55242

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.8 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Description

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's normal permission scope. This issue is fixed in versions 15.111.0 and 16.22.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-863
Source
NVD
Vendor
frappe
Product
erpnext

External References

Discussion (0)

Add Comment

No comments yet. Be the first!