CVE-2026-44976

EUVD-2026-36493
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
5.3 MEDIUM
NETWORK
LOW
LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
frappefrappe
𝑥
< 16.17.4
CNA
Common Weakness Enumeration
References
https://github.com/frappe/frappe/security/advisories/GHSA-78rj-jch8-42m8