CVE-2026-31878
EUVD-2026-1129011.03.2026, 19:16
Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6.0.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| frappe | frappe | 𝑥 < 14.100.1 |
| frappe | frappe | 15.0.0 ≤ 𝑥 < 15.100.0 |
| frappe | frappe | 16.0.0 ≤ 𝑥 < 16.6.0 |
𝑥
= Vulnerable software versions