Home

Description

Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fixed in 15.107.5 and 16.18.2.

PUBLISHED Reserved 2026-05-19 | Published 2026-07-10 | Updated 2026-07-14 | Assigner GitHub_M




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-862: Missing Authorization

Product status

< 15.107.5
affected

>= 16.0.0-beta.1, < 6.18.2
affected

References

github.com/...frappe/security/advisories/GHSA-w8g7-j846-j248

cve.org (CVE-2026-47422)

nvd.nist.gov (CVE-2026-47422)

Download JSON