IDOR Vulnerability in Frappe Framework Exposes Email Configurations
CVE-2026-44207
6.9MEDIUM
What is CVE-2026-44207?
The Frappe Framework is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability, which permits authenticated users to access email configuration details of other users without proper authorization. This flaw compromises user privacy as it enables unauthorized information disclosure. It has been addressed in Frappe Framework versions 15.107.0 and 16.17.0, so users are urged to update to these versions to mitigate the risk.
Affected Version(s)
frappe < 15.107.0 < 15.107.0
frappe < 16.17.0 < 16.17.0
