CVE-2026-47182

Frappe is a full-stack web application framework

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CWE: CWE-284

Description

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-47182
[Other]https://github.com/frappe/frappe/security/advisories/GHSA-gvg7-4p32-j648

Related CVEs

Same CWE

CVE-2026-53520 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
CVE-2026-44783 — Discourse is an open-source discussion platform (5.4 MEDIUM)
CVE-2026-44976 — Frappe is a full-stack web application framework
CVE-2026-44208 — Frappe is a full-stack web application framework
CVE-2026-47200 — Nuxt is an open-source web development framework for Vue.js