CVE-2026-44206 | THREATINT

Description

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4.

PUBLISHED Reserved 2026-05-05 | Published 2026-06-12 | Updated 2026-06-12 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

< 15.107.2

affected

< 16.17.4

affected

References

github.com/...frappe/security/advisories/GHSA-9c55-cq5r-qj5x

cve.org (CVE-2026-44206)

nvd.nist.gov (CVE-2026-44206)

Download JSON