CVE-2026-44445: CWE-611: Improper Restriction of XML External Entity Reference in frappe erpnext
ERPNext versions prior to 15. 104. 3 and 16. 12. 0 contain an XML External Entity (XXE) vulnerability in the EDI Module. This flaw allows an authenticated attacker to read local files, including sensitive configuration files. The vulnerability is identified as CWE-611 and has a medium severity with a CVSS 4. 0 base score of 5. 3. Fixed versions 15.
AI Analysis
Technical Summary
CVE-2026-44445 is an improper restriction of XML external entity references vulnerability (CWE-611) in the ERPNext EDI Module. It affects versions prior to 15.104.3 and 16.12.0. An authenticated attacker can exploit this vulnerability to read arbitrary files from the local file system, potentially exposing sensitive configuration data. The vulnerability has a CVSS 4.0 score of 5.3, indicating medium severity. The issue is resolved in ERPNext versions 15.104.3 and 16.12.0.
Potential Impact
An authenticated attacker can read files from the local file system, including sensitive configuration files, which may lead to information disclosure. There is no indication of remote code execution or privilege escalation. No known active exploitation has been reported.
Mitigation Recommendations
Upgrade ERPNext to version 15.104.3 or later, or 16.12.0 or later, where this vulnerability is fixed. Since the vendor advisory confirms the fix in these versions, applying these updates fully mitigates the risk. No additional mitigations are specified or required.
CVE-2026-44445: CWE-611: Improper Restriction of XML External Entity Reference in frappe erpnext
Description
ERPNext versions prior to 15. 104. 3 and 16. 12. 0 contain an XML External Entity (XXE) vulnerability in the EDI Module. This flaw allows an authenticated attacker to read local files, including sensitive configuration files. The vulnerability is identified as CWE-611 and has a medium severity with a CVSS 4. 0 base score of 5. 3. Fixed versions 15.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-44445 is an improper restriction of XML external entity references vulnerability (CWE-611) in the ERPNext EDI Module. It affects versions prior to 15.104.3 and 16.12.0. An authenticated attacker can exploit this vulnerability to read arbitrary files from the local file system, potentially exposing sensitive configuration data. The vulnerability has a CVSS 4.0 score of 5.3, indicating medium severity. The issue is resolved in ERPNext versions 15.104.3 and 16.12.0.
Potential Impact
An authenticated attacker can read files from the local file system, including sensitive configuration files, which may lead to information disclosure. There is no indication of remote code execution or privilege escalation. No known active exploitation has been reported.
Mitigation Recommendations
Upgrade ERPNext to version 15.104.3 or later, or 16.12.0 or later, where this vulnerability is fixed. Since the vendor advisory confirms the fix in these versions, applying these updates fully mitigates the risk. No additional mitigations are specified or required.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-06T15:49:25.192Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a04f261cbff5d861012801a
Added to database: 5/13/2026, 9:51:29 PM
Last enriched: 5/13/2026, 10:06:58 PM
Last updated: 5/13/2026, 11:55:02 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.