CVE-2026-44976

Frappe is a full-stack web application framework

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CWE: CWE-284

Description

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-44976
[Other]https://github.com/frappe/frappe/security/advisories/GHSA-78rj-jch8-42m8

Related CVEs

Same CWE

CVE-2026-53520 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
CVE-2026-44783 — Discourse is an open-source discussion platform (5.4 MEDIUM)
CVE-2026-47182 — Frappe is a full-stack web application framework
CVE-2026-44208 — Frappe is a full-stack web application framework
CVE-2026-47200 — Nuxt is an open-source web development framework for Vue.js