← Back to CVEs
CVE-2026-27471
CRITICAL9.1
Description
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.
CVE Details
CVSS v3.1 Score9.1
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/21/2026
Last Modified2/24/2026
Sourcenvd
Honeypot Sightings0
Affected Products
frappe:erpnext
Weaknesses (CWE)
CWE-284CWE-306CWE-862
References
https://github.com/frappe/erpnext/commit/78fc9424d9085c2eafe1211931e22d7044f85fc7(security-advisories@github.com)
https://github.com/frappe/erpnext/security/advisories/GHSA-wpfx-jw7g-7f83(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.