CVE-2026-41581

Published June 12th, 2026

View on NVD ↗

CVSS v3

N/A

CVSS v2

N/A

Affected

PROJECT

Description

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0.

frappe/frappe

Low code web framework for real world applications, in Python and Javascript

GitHub

10.3K