Skip to main content

ERPNext CVE-2026-44440

| EUVD-2026-30193 MEDIUM
Path Traversal (CWE-22)
2026-05-13 GitHub_M
Path Traversal Erpnext
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 11:13 vuln.today
Patch available
May 13, 2026 - 23:17 EUVD

DescriptionGitHub Advisory

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is fixed in 15.101.1 and 16.10.0.

AnalysisAI

Path traversal in ERPNext exposes arbitrary server files to authenticated low-privileged users via a vulnerable endpoint that fails to restrict directory access. Affected versions are ERPNext prior to 15.101.1 and the 16.x beta line prior to 16.10.0, packaged under CPE cpe:2.3:a:frappe:erpnext. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain valid ERPNext user credentials
Delivery
Authenticate to network-accessible ERPNext instance
Exploit
Craft HTTP request with path traversal payload
Install
Submit request to vulnerable endpoint
C2
Bypass directory restriction check
Execute
Read arbitrary files within server process permissions
Impact
Exfiltrate sensitive configuration or credential data
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid ERPNext user account (authenticated access - CVSS PR:L confirmed). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 6.5 (Medium) is driven primarily by the High confidentiality impact and network attack vector, tempered by the requirement for prior authentication (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a standard ERPNext user account authenticates to the application and submits a crafted HTTP request to the vulnerable endpoint, embedding path traversal sequences (e.g., '../../etc/passwd' or equivalent) in a filename or path parameter. Because no additional complexity or user interaction is required, the server returns the contents of the targeted file, enabling the attacker to read sensitive operating system files, application configuration files containing database credentials, or private keys. …
Remediation The primary fix is to upgrade ERPNext to version 15.101.1 (stable branch) or 16.10.0 (16.x branch), both confirmed as patching this vulnerability by the vendor advisory at https://github.com/frappe/erpnext/security/advisories/GHSA-6ffr-92hr-3394. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-44440 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy