PatchSiren cyber security CVE debrief
CVE-2026-44208 frappe CVE debrief
CVE-2026-44208 is a vulnerability in the Frappe full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, the 'submit_discussion()' endpoint lacked validations, allowing for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.
- Vendor: frappe
- Product: Unknown
- CVSS: MEDIUM 6.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of the Frappe framework, particularly those who have not updated to versions 15.107.0 or 16.17.0, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is rated medium severity with a CVSS score of 6.9. It was published on 2026-06-12 and last modified on 2026-06-12. The issue is classified under CWE-284 and CWE-285.
Defensive priority
Medium
Recommended defensive actions
- Update to Frappe version 15.107.0 or 16.17.0, or later, to patch the vulnerability.
- Review and implement proper validations for the 'submit_discussion()' endpoint.
Evidence notes
The CVE record and NVD detail are listed under Official resources. Additional information is available at [resourceLinkAnnotations:ref-4].
Official resources
- CVE-2026-44208 CVE record (CVE.org)
- CVE-2026-44208 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-44208 was published on 2026-06-12T16:16:27.843Z and last modified on 2026-06-12T16:17:58.070Z.