CVE-2026-44442
CriticalSummary
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to version 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role.
Risk Assessment
The lack of proper authorization checks may lead to unauthorized changes to data, jeopardizing the integrity of the system and the organization's data.
Recommendation
It is recommended to upgrade to version 16.9.1 or later to mitigate this vulnerability.
Original NVD description (English source)
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.

