{ "dataType": "CVE_RECORD", "cveMetadata": { "state": "PUBLISHED", "cveId": "CVE-2026-31017", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-07-05T01:32:44.565Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-07-05T01:32:44.565Z" }, "descriptions": [ { "lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application allows the inclusion of HTML elements such as