Back to overview

CVE-2026-47422

MEDIUM
5.3
CVSS 4.0
Description
Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fixed in 15.107.5 and 16.18.2.

Metadata

CVE ID
CVE-2026-47422
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-05-19 19:37 UTC
Published
2026-07-10 21:09 UTC
Last updated
2026-07-10 21:09 UTC
Primary CWE
CWE-862
CWE-862: Missing Authorization
Vendor / Product
frappe / frappe
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products (1)
VendorProductPlatformVersions
frappe frappe < 15.107.5, >= 16.0.0-beta.1, < 6.18.2
Weakness (CWE)
CWESourceDescription
CWE-862 cna CWE-862: Missing Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
References (1)
Back to overview