PT-2026-40821 · Erpnext · Erpnext

Bugbunny-Research +1 · Published 2026-05-13 · Updated 2026-05-15 · CVE-2026-44442

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ERPNext versions prior to 16.9.1
Description: Certain endpoints in this open source Enterprise Resource Planning tool fail to enforce proper authorization checks, which allows users to modify data beyond the permissions assigned to their role.
Recommendations: Update to version 16.9.1.

Fix

Weakness Enumeration: Missing Authorization
Related Identifiers: CVE-2026-44442
Affected Products: Erpnext