CVE-2026-50026
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
Frappe is a web application framework that prior to versions 15.107.0 and 16.17.0 had a vulnerability related to a lack of permission checks in certain endpoints, allowing unauthorized access to resources.
Risk Assessment
The absence of proper permission checks may lead to unauthorized access to sensitive data, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to versions 15.107.0 or 16.17.0 to mitigate this vulnerability and secure access to resources.
Original NVD description (English source)
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

