Auth bypass in Frappe LMS

CVE-2026-26977

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this…

Vulnerability class: Broken Access Control

EPSS: 0.000 (2.9th percentile)

Affected products

Weakness classification (CWE)

References