CVE-2026-44447 | Frappe ERPNext up to 16.8.x sql injection (GHSA-q65v-fm9p-9vh3)

May 14, 2026 Yanac

A vulnerability marked as critical has been reported in Frappe ERPNext up to 16.8.x. The affected element is an unknown function. This manipulation causes sql injection.

This vulnerability is tracked as CVE-2026-44447. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More

CVE-2026-44471 | GitoxideLabs gitoxide up to 0.21.0 gix-fs/src/stack.rs make_relative_path_current link following (GHSA-f89h-2fjh-2r9q)
CVE-2026-44446 | Frappe ERPNext up to 15.104.2/16.13.x sql injection (GHSA-6fm9-g88m-hxr7)