Unauthorized Access Vulnerability in Frappe Web Application Framework
CVE-2026-44208
6.9MEDIUM
What is CVE-2026-44208?
The Frappe Web Application Framework prior to versions 15.107.0 and 16.17.0 is susceptible to unauthorized access through its 'submit_discussion()' endpoint due to insufficient input validation. An attacker could exploit this vulnerability to gain access to restricted resources, potentially compromising sensitive information. The issue has been addressed in subsequent releases, emphasizing the importance of keeping applications updated to mitigate such vulnerabilities.
Affected Version(s)
frappe < 15.107.0 < 15.107.0
frappe < 16.17.0 < 16.17.0
