PT-2026-21361 · Erp · Erp
Arthurgervais
+1
·
Published
2026-02-21
·
Updated
2026-02-24
·
CVE-2026-27471
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
ERP versions up to 15.98.0
ERP versions 16.0.0-rc.1 through 16.6.0
Description
Certain API endpoints in ERP lacked proper access validation, potentially allowing unauthorized access to documents. The issue affects versions up to 15.98.0 and 16.0.0-rc.1 through 16.6.0. The lack of authorization on APIs could allow unauthenticated attackers to access sensitive documents.
Recommendations
Update to version 15.98.1 or later.
Update to version 16.6.1 or later.
Exploit
Fix
Missing Authorization
Improper Access Control
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Erp