Authentication Flaw in Frappe Framework Allows User Onboarding Reset
CVE-2026-44975

5.3MEDIUM

Key Information:

Vendor

Frappe

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-44975?

The Frappe Framework, a full-stack web application framework, was found to have an authentication flaw that enables any authenticated user to reset the onboarding process for all users within the system. This raises significant security concerns as it compromises user management and onboarding protocols. Fortunately, the vulnerability has been addressed in subsequent releases, specifically versions 15.107.2 and 16.17.4, ensuring that user onboarding remains secure.

Affected Version(s)

frappe < 15.107.2 < 15.107.2

frappe < 16.17.4 < 16.17.4

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.