A vulnerability categorized as problematic has been discovered in Frappe ERPNext up to 15.104.2/16.11.x . The affected element is an unknown function of the component EDI Module . The manipulation results in xml external entity reference. This vulnerability was named CVE-2026-44445 . The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.