CVE Catalog
CVE-2026-44976
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.02%
5th percentile — higher than 5% of all known CVEs
Summary
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user could modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.
Risk Assessment
The ability for unauthorized users to modify records may lead to incorrect data in the system and potential abuses.
Recommendation
It is recommended to upgrade to version 16.17.4 or later to secure the system against this vulnerability.
Original NVD description (English source)
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

