CVE Catalog

CVE-2026-44976

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

5th percentile — higher than 5% of all known CVEs

Summary

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user could modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

Risk Assessment

The ability for unauthorized users to modify records may lead to incorrect data in the system and potential abuses.

Recommendation

It is recommended to upgrade to version 16.17.4 or later to secure the system against this vulnerability.

Original NVD description (English source)

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS