PatchSiren cyber security CVE debrief
CVE-2026-46546 Frappe CVE debrief
CVE-2026-46546 is a vulnerability in Frappe Learning Management System (LMS) prior to version 2.53.0. An authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0. The CVSS score for this vulnerability is 2.1, indicating a low severity.
- Vendor
- Frappe
- Product
- Learning Management System (LMS)
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of Frappe Learning Management System (LMS) prior to version 2.53.0 should be aware of this vulnerability and take steps to patch their systems.
Technical summary
CVE-2026-46546 is a vulnerability in Frappe Learning Management System (LMS) prior to version 2.53.0 that allows an authenticated user to supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL.
Defensive priority
Low
Recommended defensive actions
- Update Frappe Learning Management System (LMS) to version 2.53.0 or later.
Evidence notes
CVE-2026-46546 has been patched in version 2.53.0.
Official resources
-
CVE-2026-46546 CVE record
CVE.org
-
CVE-2026-46546 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-46546 was published on 2026-06-10T01:16:28.110Z and modified on 2026-06-10T20:19:06.020Z.