CVE-2026-41581

CVE-2026-41581

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0.

Vulnerability class: SQL Injection

Weakness classification (CWE)

References