PT-2026-21361 · Erp · Erp

Arthurgervais

Publicado

2026-02-21

Atualizado

2026-02-24

CVE-2026-27471

CVSS v4.0

9.3

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions ERP versions up to 15.98.0 ERP versions 16.0.0-rc.1 through 16.6.0

Description Certain API endpoints in ERP lacked proper access validation, potentially allowing unauthorized access to documents. The issue affects versions up to 15.98.0 and 16.0.0-rc.1 through 16.6.0. The lack of authorization on APIs could allow unauthenticated attackers to access sensitive documents.

Recommendations Update to version 15.98.1 or later. Update to version 16.6.1 or later.

Exploit

Correção

Missing Authorization

Improper Access Control

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-284CWE-306

Identificadores relacionados

CVE-2026-27471

GHSA-WPFX-JW7G-7F83

Produtos afetados

Erp

PT-2026-21361 · Erp · Erp

CVE-2026-27471

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13