CVE-2026-39352

Sažetak

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.

Reference

https://github.com/frappe/frappe/releases/tag/v16.15.0
https://github.com/frappe/frappe/security/advisories/GHSA-67rf-pxgh-vfqv

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-05-2026 - 15:24

Objavljeno

20-05-2026 - 20:16