PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-49394 frappe CVE debrief

CVE-2026-49394 is an authorization bypass vulnerability in Frappe, a full-stack web application framework. The issue was fixed in version 16.19.0. The vulnerability affects the update_page endpoint in Workspace, allowing public workspaces to bypass the required Workspace Manager edit check. This issue has a high CVSS score of 7.1, indicating a high severity vulnerability. Users of Frappe framework, especially those with public workspaces, should verify their systems are updated to version 16.19.0 or later.

Vendor
frappe
Product
Unknown
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of Frappe framework, especially those with public workspaces, should verify their systems are updated to version 16.19.0 or later. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed. The vulnerability has a high CVSS score of 7.1, indicating a high severity vulnerability.

Technical summary

CVE-2026-49394 is an authorization bypass vulnerability in Frappe's update_page endpoint in Workspace. Public workspaces did not receive the required Workspace Manager edit check, allowing unauthorized access. The issue is fixed in version 16.19.0. The vulnerability has a high CVSS score of 7.1, indicating a high severity vulnerability. Affected product deployments should be verified, and owners should be assigned for follow-up.

Defensive priority

High priority due to high CVSS score of 7.1 and potential for unauthorized access.

Recommended defensive actions

  • Verify Frappe version is 16.19.0 or later
  • Check public workspaces for proper configuration
  • Monitor for suspicious activity on update_page endpoint
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

Evidence is based on official CVE and NVD records. Limited details are available about affected scope and potential impact. The CVE record was published on 2026-07-10T22:16:42.410Z and has not been modified since then. The vulnerability affects Frappe framework, specifically version prior to 16.19.0. Public workspaces did not receive the required Workspace Manager edit check, allowing unauthorized access.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:42.410Z and has not been modified since then.