CVE-2026-27471
ERP: Document access through endpoints due to missing validation
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.
| CWE | CWE-862 CWE-306 CWE-284 |
| Vendor | frappe |
| Product | erpnext |
| Published | Feb 21, 2026 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for frappe erpnext
Be the first to know when new unknown vulnerabilities affecting frappe erpnext are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
frappe / erpnext
>= 16.0.0-rc.1, < 16.6.1 < 15.98.1