CVE-2026-44208
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
Frappe is a web application framework that prior to versions 15.107.0 and 16.17.0 lacked validations in the 'submit_discussion()' endpoint, allowing unauthorized access to resources.
Risk Assessment
The lack of proper validations may lead to unauthorized access to sensitive data, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to versions 15.107.0 or 16.17.0 to mitigate this vulnerability.
Original NVD description (English source)
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

