CVE-2026-44445 | Frappe ERPNext up to 15.104.2/16.11.x EDI Module xml external entity reference (GHSA-mhm9-75w7-423r)

Inserito da Angelo Barbosa | Mag 14, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Frappe ERPNext up to 15.104.2/16.11.x. The affected element is an unknown function of the component EDI Module. The manipulation results in xml external entity reference.

This vulnerability was named CVE-2026-44445. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2026-44445 | Frappe ERPNext up to 15.104.2/16.11.x EDI Module xml external entity reference (GHSA-mhm9-75w7-423r)

Post correlati

CVE-2024-6906 | SourceCodester Record Management System 1.0 add_leave_non_user.php LSS sql injection

CVE-2026-25099 | Bludit up to 3.18.3 unrestricted upload

CVE-2026-2919 | Mozilla Focus up to 148.1 on iOS Trusted Domain ui layer

CVE-2025-0484 | Fanli2012 native-php-cms 1.0 Backend sysconfig_doedit.php improper authorization