CVE-2026-55242 - ERPNext: Server-Side Template Injection (SSTI) in Batch autonaming via Stock Settings.naming_series_prefix
CVE ID :CVE-2026-55242 Published : July 15, 2026, 4:16 p.m. | 17 minutes ago Description :ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection...