CVE-2026-44976

Description

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

References

• https://github.com/frappe/frappe/security/advisories/GHSA-78rj-jch8-42m8