cvedb.io
CVE-2026-32954
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2026-03-20T05:16:14.877 · Last modified 2026-06-17T10:36:37.823

Summary

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue has been fixed in versions 15.100.0 and 16.8.0.

Affected products

frappe — erpnext

Does this affect you?

Add your gear to cvedb and we'll alert you only when frappe ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.