CVE Catalog

CVE-2026-47182

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

7th percentile — higher than 7% of all known CVEs

Summary

Frappe is a web application framework. Prior to version 16.17.4, any authenticated user could access private files by guessing the file path. This issue has been patched in version 16.17.4.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data by authenticated users. This could lead to information leakage and privacy violations.

Recommendation

It is recommended to upgrade to version 16.17.4 or later to mitigate this issue.

Original NVD description (English source)

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS