VYPR
Medium severity6.5NVD Advisory· Published May 13, 2026· Updated May 14, 2026

CVE-2026-44440

CVE-2026-44440

Description

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is fixed in 15.101.1 and 16.10.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Frappe/Erpnextinferred3 versions
    <16.10.0+ 2 more
    • (no CPE)range: <16.10.0
    • cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*range: <15.101.1
    • (no CPE)range: <15.101.1, <16.10.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.