Unauthorized Resource Access in Frappe Framework
CVE-2026-50026

6.9MEDIUM

Key Information:

Vendor

Frappe

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-50026?

Frappe Framework, utilized for developing enterprise applications, was found to have a security flaw that allowed unauthorized users to access sensitive resources due to insufficient permission checks in certain endpoints. This vulnerability has since been addressed in the more recent versions 15.107.0 and 16.17.0, which implement necessary checks to safeguard against unauthorized access.

Affected Version(s)

frappe < 15.107.0 < 15.107.0

frappe < 16.17.0 < 16.17.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.