CVE-2023-54345
Frappe Framework ERPNext 13.4.0 Remote Code Execution
CVSS Score
8.8
EPSS Score
0.1%
EPSS Percentile
26th
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands.
| CWE | CWE-94 |
| Vendor | frappe technologies |
| Product | frappe framework (erpnext) |
| Published | May 5, 2026 |
| Last Updated | May 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for frappe technologies frappe framework (erpnext)
Be the first to know when new high vulnerabilities affecting frappe technologies frappe framework (erpnext) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Frappe Technologies / Frappe Framework (ERPNext)
13.4.0
References
exploit-db.com: https://www.exploit-db.com/exploits/51580 erpnext.org: http://erpnext.org github.com: https://github.com/frappe/frappe/ ur4ndom.dev: https://ur4ndom.dev/posts/2023-07-02-uiuctf-rattler-read/ gist.github.com: https://gist.github.com/lebr0nli/c2fc617390451f0e5a4c31c87d8720b6 frappeframework.com: https://frappeframework.com/docs/v13/user/en/desk/scripting/server-script github.com: https://github.com/frappe/frappe/blob/v13.4.0/frappe/utils/safe_exec.py#L42 vulncheck.com: https://www.vulncheck.com/advisories/frappe-framework-erpnext-remote-code-execution
Credits
Sander Ferdinand