A vulnerability was found in frappe erpnext up to 15.110.x/16.21.x. It has been declared as problematic. The affected element is an unknown function of the component Configuration. The manipulation of the argument Configuration results in improper neutralization of special elements used in a template engine.

This vulnerability was named CVE-2026-55242. The attack may be performed from remote. There is no available exploit.