CVE Catalog

CVE-2026-44442

Critical
Published: Translated: NVD NIST

Summary

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to version 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role.

Risk Assessment

The lack of proper authorization checks may lead to unauthorized changes to data, jeopardizing the integrity of the system and the organization's data.

Recommendation

It is recommended to upgrade to version 16.9.1 or later to mitigate this vulnerability.

Original NVD description (English source)

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS