CVE-2026-50026

CVE-2026-50026

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

Vulnerability class: Broken Access Control

Weakness classification (CWE)

References