PatchSiren cyber security CVE debrief
CVE-2026-44205 frappe CVE debrief
CVE-2026-44205 is a stored XSS vulnerability in the user profile image section of Frappe, a full-stack web application framework. This issue allows an attacker to execute malicious scripts in the browsers of other users. The vulnerability has been patched in version 15.106.0.
- Vendor: frappe
- Product: Unknown
- CVSS: MEDIUM 6.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of the Frappe framework, especially administrators who manage user profiles and profile images, should be aware of this vulnerability and apply the patched version to their systems.
Technical summary
The vulnerability is caused by improper sanitization of user input in the profile image section, allowing an attacker to inject malicious scripts. The CVSS score for this vulnerability is 6.9, indicating a medium severity.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Frappe to version 15.106.0 or later to patch the vulnerability.
- Review user profile images for any malicious scripts and remove them if found.
- Implement additional security measures to prevent similar vulnerabilities in the future.
Evidence notes
The vulnerability was reported and patched by the Frappe team. The CVE record was published on [CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-44205).
Official resources
- CVE-2026-44205 CVE record (CVE.org): https://www.cve.org/CVERecord?id=CVE-2026-44205
- CVE-2026-44205 NVD detail (NVD)
- Source item: nvd_modified
- Source reference: CVE-2026-44205 was published on 2026-06-12T15:16:25.920Z and modified on 2026-06-12T15:56:54.563Z.