PatchSiren cyber security CVE debrief
CVE-2026-44975 frappe CVE debrief
CVE-2026-44975 is a vulnerability in Frappe, a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versions 15.107.2 and 16.17.4. The CVSS score for this vulnerability is 5.3, with a severity of MEDIUM.
- Vendor: frappe
- Product: Unknown
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Anyone running the Frappe framework, especially deployments with authenticated users, should be aware of this vulnerability and patch their systems.
Technical summary
The vulnerability allows an authenticated user to reset onboarding for all users in the system. This can be exploited by an attacker with legitimate access to the system, potentially leading to unintended changes to user settings.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Frappe to version 15.107.2 or 16.17.4 or later.
- Restrict access to sensitive features for authenticated users.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].
Official resources
- CVE-2026-44975 CVE record (CVE.org)
- CVE-2026-44975 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-44975 was published on 2026-06-12T16:16:28.120Z and modified on 2026-06-12T16:17:58.070Z.