Known Vulnerabilities for Erpnext by Frappe
Listed below are 10 of the newest known vulnerabilities associated with "Erpnext" by "Frappe".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44448 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed ... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-44447 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL i... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-44446 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulne... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-44445 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction o... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-44442 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce pro... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-44441 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could se... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-44440 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-38432 json | ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permi... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-38431 json | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-31017 json | A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Fra... | Not Provided | 2026-04-08 | 2026-04-09 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Frappe | Erpnext | 9.2.9 | |||
| Application | Frappe | Erpnext | 9.2.8 | |||
| Application | Frappe | Erpnext | 9.2.7 | |||
| Application | Frappe | Erpnext | 9.2.6 | |||
| Application | Frappe | Erpnext | 9.2.5 | |||
| Application | Frappe | Erpnext | 9.2.4 | |||
| Application | Frappe | Erpnext | 9.2.3 | |||
| Application | Frappe | Erpnext | 9.2.24 | |||
| Application | Frappe | Erpnext | 9.2.23 | |||
| Application | Frappe | Erpnext | 9.2.22 | |||
| Application | Frappe | Erpnext | 9.2.21 | |||
| Application | Frappe | Erpnext | 9.2.20 | |||
| Application | Frappe | Erpnext | 9.2.2 | |||
| Application | Frappe | Erpnext | 9.2.19 | |||
| Application | Frappe | Erpnext | 9.2.18 | |||
| Application | Frappe | Erpnext | 9.2.17 | |||
| Application | Frappe | Erpnext | 9.2.16 | |||
| Application | Frappe | Erpnext | 9.2.15 | |||
| Application | Frappe | Erpnext | 9.2.14 | |||
| Application | Frappe | Erpnext | 9.2.13 |