CVE-2026-44441

MEDIUM NVD

CVSS Score 5

Severity MEDIUM

Published May 13, 2026

Vendor unknown

Description

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16.0.

References

https://github.com/frappe/erpnext/security/advisories/GHSA-m4m4-j2m2-7fcw