CVE Catalog

CVE-2026-50026

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

Frappe is a web application framework that prior to versions 15.107.0 and 16.17.0 had a vulnerability related to a lack of permission checks in certain endpoints, allowing unauthorized access to resources.

Risk Assessment

The absence of proper permission checks may lead to unauthorized access to sensitive data, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to versions 15.107.0 or 16.17.0 to mitigate this vulnerability and secure access to resources.

Original NVD description (English source)

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS