PatchSiren cyber security CVE debrief
CVE-2026-55852 frappe CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:43.970Z and has not been modified since then. Frappe framework versions prior to 16.23.0 and 15.112.0 are affected by TarSlip RCE vulnerability. Users should apply patches and review package import processes. This vulnerability allows for Remote Code Execution (RCE) due to insufficient checking of tarfile members before extraction. Affected users should ensure secure tarfile extraction and monitor for suspicious activity related to package imports.
- Vendor
- frappe
- Product
- Unknown
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of Frappe framework versions prior to 16.23.0 and 15.112.0 should apply patches to prevent TarSlip RCE attacks. Security teams and operators managing Frappe-based systems should review and update package import processes. This includes ensuring secure tarfile extraction, monitoring for suspicious activity related to package imports, and verifying patch application.
Technical summary
Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently checked before extraction. This issue is fixed in versions 16.23.0 and 15.112.0. Affected users should ensure secure tarfile extraction and monitor for suspicious activity. It is crucial to review package import processes and verify patch application to prevent potential RCE attacks.
Defensive priority
High priority due to CVSS score of 8.6 and potential for RCE attacks. Immediate action is required to apply patches and review package import processes to prevent potential exploitation.
Recommended defensive actions
- Apply patches to Frappe framework versions prior to 16.23.0 and 15.112.0
- Review and update package import processes to ensure secure tarfile extraction
- Monitor for suspicious activity related to package imports
- Verify patch application and system logs for affected systems
- Conduct exposure review for Frappe-based systems
- Implement compensating controls for exposed systems
- Track exceptions and retest remediated assets
Evidence notes
Evidence from official CVE record and NVD detail. Limited information available on exploitability and affected systems. Defenders should verify patch application and monitor for suspicious package imports. Additional review of system logs and package import processes is recommended. The CVE record provides details on the vulnerability, but further investigation may be needed to understand the full scope of affected systems and potential impact.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:43.970Z and has not been modified since then.