CVE-2026-47182 | THREATINT

Description

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.

PUBLISHED Reserved 2026-05-18 | Published 2026-06-12 | Updated 2026-06-12 | Assigner GitHub_M

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-284: Improper Access Control

Product status

< 16.17.4

affected

References

github.com/...frappe/security/advisories/GHSA-gvg7-4p32-j648

cve.org (CVE-2026-47182)

nvd.nist.gov (CVE-2026-47182)

Download JSON