A vulnerability was found in Frappe ERPNext up to 15.101.0/16.9.x and classified as critical . Affected is an unknown function. The manipulation results in path traversal. This vulnerability is known as CVE-2026-44440 . It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.