ГлавнаяУязвимости → CVE-2026-27471
9.1критическая

CVE-2026-27471

Описание

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.

Затрагиваемое ПО
Frappe Erpnext
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/frappe/erpnext/commit/78fc9424d9085c2eafe1211931e22d7044f85fc7https://github.com/frappe/erpnext/security/advisories/GHSA-wpfx-jw7g-7f83