CVE-2026-44976

Published June 12th, 2026

View on NVD ↗

CVSS v3

N/A

CVSS v2

N/A

Affected

PROJECT

Description

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

frappe/frappe

Low code web framework for real world applications, in Python and Javascript

GitHub

10.3K