CVE-2026-38431

EPSS 0.04% · P14 Updated May 07, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-38431

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ERPNext 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ERPNext是印度ERPNext公司的一套开源的企业资源计划解决方案。 ERPNext v15.103.1及之前版本存在安全漏洞，该漏洞源于服务器端模板注入，具有创建或编辑电子邮件模板权限的攻击者可注入模板表达式，在服务器渲染时执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2026-38431

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-38431

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2026-38431

Same Patch Batch · n/a · 2026-05-05 · 14 CVEs total

CVE-2026-36355		Realtek rtl819x Jungle SDK 信息泄露漏洞
CVE-2026-36356		MeiG FORGE_SLT711 操作系统命令注入漏洞
CVE-2026-34408		Gambio 安全漏洞
CVE-2026-39103		GPAC 安全漏洞
CVE-2026-31196		Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞
CVE-2026-31195		Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞
CVE-2025-52206		ISPConfig 跨站脚本漏洞
CVE-2025-66369		Samsung多款产品安全漏洞
CVE-2026-38429		opencms 安全漏洞
CVE-2026-38432		ERPNext 安全漏洞
CVE-2026-38428		kestra 安全漏洞
CVE-2026-38947		FluentCMS 安全漏洞
CVE-2024-52911		Bitcoin Core 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2026-38431

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-38431

I. Basic Information for CVE-2026-38431

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-38431

III. Intelligence Information for CVE-2026-38431

Same Patch Batch · n/a · 2026-05-05 · 14 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-38431

Leave a comment