CVE-2026-44447

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
13/05/2026
Last modified:
14/05/2026

Description

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:* 16.9.0 (excluding)