← Volver a CVEs
CVE-2026-27471
CRITICAL9.1
Descripcion
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.
Detalles CVE
Puntuacion CVSS v3.19.1
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/21/2026
Ultima modificacion2/24/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
frappe:erpnext
Debilidades (CWE)
CWE-284CWE-306CWE-862
Referencias
https://github.com/frappe/erpnext/commit/78fc9424d9085c2eafe1211931e22d7044f85fc7(security-advisories@github.com)
https://github.com/frappe/erpnext/security/advisories/GHSA-wpfx-jw7g-7f83(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.