CVE-2026-31017

CRITICAL EPSS 15.6%

Published Apr 8, 20262mo ago · Modified Jun 17, 20261w ago

9.1 CVSS 3.1

Critical

Published Apr 8, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application allows the inclusion of HTML elements such as <iframe> that reference external resources. The PDF rendering engine automatically fetches these resources on the server side. An attacker can abuse this behavior to force the server to make arbitrary HTTP requests to internal services, including cloud metadata endpoints, potentially leading to sensitive information disclosure.

CVSS Details

Base Score

9.1

Exploitability

3.9

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

15.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 2

Vendor	Product	Version	Range
frappe	erpnext	16.0.1	any
frappe	frappe	16.1.1	any

References 2

frappe.com http://frappe.com

Product
github.com https://github.com/PhDg1410/CVE/tree/main/CVE-2026-31017

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.