CVE-2026-39352

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 20, 2026

Vendor unknown

Description

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.

References

https://github.com/frappe/frappe/releases/tag/v16.15.0
https://github.com/frappe/frappe/security/advisories/GHSA-67rf-pxgh-vfqv