VYPR
Medium severity5.0NVD Advisory· Published May 13, 2026· Updated May 14, 2026

CVE-2026-44441

CVE-2026-44441

Description

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Frappe/Erpnext2 versions
    cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*range: <15.106.0
    • (no CPE)range: prior to 15.106.0 and 16.16.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.