URL Navigation Vulnerability in Frappe Learning Management System
CVE-2026-46546

2.1LOW

Key Information:

Vendor

Frappe

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-46546?

Frappe Learning Management System (LMS) prior to version 2.53.0 has a vulnerability that allows authenticated users to inject malicious URLs into specific user-editable fields. Subsequently, when this content is rendered in page metadata, it may redirect unsuspecting visitors to attacker-controlled sites. This issue poses a significant risk, as it can lead to phishing attacks and compromise user data. The vulnerability has been addressed in the latest version 2.53.0, which users are encouraged to upgrade to in order to secure their systems.

Affected Version(s)

lms < 2.53.0

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.