CVE-2026-35614

Published April 7th, 2026

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 and 15.104.0.

frappe/frappe

Low code web framework for real world applications, in Python and Javascript

GitHub

10.3K