A vulnerability was found in Frappe ERPNext up to 16.9.0 . It has been classified as critical . Affected by this vulnerability is an unknown functionality. This manipulation causes missing authorization. This vulnerability is handled as CVE-2026-44442 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.