CVE-2026-47182

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 12, 2026

Vendor unknown

Description

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.

References

https://github.com/frappe/frappe/security/advisories/GHSA-gvg7-4p32-j648