CVE-2026-38431

Published: Mag 05, 2026 Last Modified: Mag 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.

https://c0wking.hashnode.dev/ssti-in-erpnext-frappe-email-t…

https://c0wking.hashnode.dev/ssti-in-erpnext-frappe-email-template-engine

CVE-2026-38431

Description

Iscriviti alla newsletter