Authorization Bypass in Frappe Web Application Framework
CVE-2026-44976
5.3MEDIUM
What is CVE-2026-44976?
The Frappe web application framework exhibits a vulnerability allowing any user to modify any field in any Onboarding Step record prior to version 16.17.4. This flaw undermines the integrity of user permissions and could lead to unauthorized changes within the application. To mitigate this risk, it is crucial that users update to version 16.17.4 or later, where this issue has been addressed. For more information, please refer to the advisory provided in the references.
Affected Version(s)
frappe < 16.17.4
