Frappe: >> Erpnext >> 16.15.0 Security Vulnerabilities
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16.0.
CVSS Score
5.0
EPSS Score
0.002
Published
2026-05-13