High severity8.8NVD Advisory· Published May 13, 2026· Updated May 14, 2026

CVE-2026-44447

Description

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0.

Affected products

Erpnext/Erpnextllm-fuzzy
Range: <16.9.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/frappe/erpnext/security/advisories/GHSA-q65v-fm9p-9vh3nvdVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000