Frappe: >> Erpnext >> 15.106.0 Security Vulnerabilities
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.
CVSS Score
9.9
EPSS Score
0.003
Published
2026-05-13
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0.
CVSS Score
8.8
EPSS Score
0.003
Published
2026-05-13