CVE-2026-44442: ERPNext: Unauthorized Data Modification Before 16.9.1

Summary

ERPNext users with certain roles may be able to access and modify data they are not authorized to. This could lead to incorrect or unauthorized changes to your business data. Update to ERPNext version 16.9.1 or later to fix this issue.

Original title
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their per...
Original description
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.
NVD CVSS 3.1 score: 9.9
Vulnerability type
CWE-862 Missing Authorization
Published: 13 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026