ERPNext Authorization Bypass Vulnerability Allowing Unauthorized Data Modification

Vulnerability

A vulnerability in ERPNext prior to versions 15.102.0 and 16.11.0 allows users to modify data beyond their assigned roles due to certain endpoints not enforcing proper authorization checks. This issue has been addressed in the mentioned patched versions.

Impact

Exploitation of this vulnerability could lead to unauthorized data modifications, allowing users to change information they are not permitted to.

Remediation

Users are advised to upgrade to ERPNext versions 15.102.0 or 16.11.0.

Added: May 13, 2026, 10:19 PM
Updated: May 13, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm (score per category):
spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.