PatchSiren cyber security CVE debrief
CVE-2026-44206 frappe CVE debrief
CVE-2026-44206 is a MEDIUM severity vulnerability in Frappe, a full-stack web application framework. Versions prior to 15.107.2 and 16.17.4 are affected by a DB Schema Enumeration vulnerability through an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- frappe
- Product
- Unknown
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Frappe framework versions prior to 15.107.2 and 16.17.4 should apply the patches to prevent DB Schema Enumeration.
Technical summary
The vulnerability allows for DB Schema Enumeration through an endpoint in Frappe framework versions prior to 15.107.2 and 16.17.4. The CVSS score is 6.9 (MEDIUM).
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches in versions 15.107.2 and 16.17.4 or later.
Evidence notes
The CVE was published on [resourceLinkAnnotations:cve-org] and detailed information can be found on [resourceLinkAnnotations:nvd]. The advisory can be found at [resourceLinkAnnotations:ref-4].
Official resources
-
CVE-2026-44206 CVE record
CVE.org
-
CVE-2026-44206 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-44206 was published on 2026-06-12T16:16:27.583Z and last modified on 2026-06-12T16:17:58.070Z.