CVE Catalog

CVE-2026-44208

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

Frappe is a web application framework that prior to versions 15.107.0 and 16.17.0 lacked validations in the 'submit_discussion()' endpoint, allowing unauthorized access to resources.

Risk Assessment

The lack of proper validations may lead to unauthorized access to sensitive data, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to versions 15.107.0 or 16.17.0 to mitigate this vulnerability.

Original NVD description (English source)

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS