CVE-2026-39352

UNKNOWN View on NVD ↗

Description

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.

References

https://github.com/frappe/frappe/releases/tag/v16.15.0
https://github.com/frappe/frappe/security/advisories/GHSA-67rf-pxgh-vfqv

Published: May 20, 2026 20:16 UTC Modified: May 21, 2026 15:24 UTC