CVE-2026-39351

CVSS Score & Metrics

Base Score

9.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N                                    

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.

Published Date

April 07, 2026

Last Modified

April 10, 2026

CWE ID

CWE-862

Source

NVD

Vendor

frappe

Product

frappe