DB Schema Enumeration Vulnerability in Frappe Web Application Framework
CVE-2026-44206

6.9MEDIUM

Key Information:

Vendor

Frappe

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-44206?

The Frappe web application framework has a vulnerability that allows unauthorized users to enumerate database schemas via a specific endpoint. This issue impacts versions prior to 15.107.2 and 16.17.4, where attackers can potentially gain insights into the structure of the database, leading to further exploitation. Users are strongly advised to upgrade to the patched versions to eliminate this security risk.

Affected Version(s)

frappe < 15.107.2 < 15.107.2

frappe < 16.17.4 < 16.17.4

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.