CVE-2026-39351

Summary

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.

Affected Software

VendorProductVersion RangeStatus
frappefrappe< 15.104.0affected
frappefrappe>= 16.0.0-beta.1, < 16.14.0affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References