Auth bypass in Frappe Lms

CVE-2026-26031

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolle…

Vulnerability class: Broken Access Control

EPSS: 0.000 (13.9th percentile) — read the EPSS interpretation.

Affected products

Frappe Lms — versions < 2.44.0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

https://github.com/frappe/lms/security/advisories/GHSA-3gw9-gwjm-vcq5 (x_refsource_CONFIRM)
https://github.com/frappe/lms/releases/tag/v2.44.0 (x_refsource_MISC)