CVE-2026-44208

Frappe is a full-stack web application framework

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CWE: CWE-284, CWE-285

Description

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-44208
[Other]https://github.com/frappe/frappe/security/advisories/GHSA-xh7m-j2j2-82f2

Related CVEs

Same CWE

CVE-2026-53520 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
CVE-2026-49397 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)
CVE-2026-44783 — Discourse is an open-source discussion platform (5.4 MEDIUM)
CVE-2026-47182 — Frappe is a full-stack web application framework
CVE-2026-44976 — Frappe is a full-stack web application framework