CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

CVE-2026-44445

ERPNext contains an XXE (XML External Entity) vulnerability in the EDI Module that affects versions prior to 15.104.3 and 16.12.0. An authenticated attacker could read local filesystem files, including sensitive configuration files. The issue is fixed in 15.104.3 and 16.12.0. Impact is limited to...

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

ERPNext 代码问题漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to 15.104.3 and 16.12.0 contained code vulnerabilities. These vulnerabilities stemmed from improper restrictions on XML external entity references in the EDI...