Perceptive Security
SOC/SIEM Consultancy
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute …
Published:
4 mei 2026 om 22:00:00
Alert date:
5 mei 2026 om 13:07:56
Source:
nvd.nist.gov
Enterprise Applications, Web Technologies
CVE-2023-54345 affects Frappe Framework ERPNext 13.4.0, containing a sandbox escape vulnerability in RestrictedPython. Authenticated users with System Manager role can execute arbitrary code by exploiting frame introspection. Attackers create server scripts via /app/server-script endpoint and access gi_frame attribute to traverse the call stack. This allows invoking os.popen to execute system commands, effectively bypassing security restrictions. The vulnerability represents a significant privilege escalation risk in ERPNext deployments.
Technical details
Mitigation steps:
Affected products:
Frappe Framework ERPNext
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2023-54345
http://erpnext.org
https://frappeframework.com/docs/v13/user/en/desk/scripting/server-script
https://gist.github.com/lebr0nli/c2fc617390451f0e5a4c31c87d8720b6
https://github.com/frappe/frappe/
https://github.com/frappe/frappe/blob/v13.4.0/frappe/utils/safe_exec.py#L42
https://ur4ndom.dev/posts/2023-07-02-uiuctf-rattler-read/
https://www.exploit-db.com/exploits/51580
https://www.vulncheck.com/advisories/frappe-framework-erpnext-remote-code-execution
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.