Vulnerability Description
Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.
Related Weaknesses (CWE)
References
- https://github.com/frappe/frappe/releases/tag/v16.15.0
- https://github.com/frappe/frappe/security/advisories/GHSA-67rf-pxgh-vfqv
FAQ
What is CVE-2026-39352?
CVE-2026-39352 is a documented vulnerability. Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.1...
How severe is CVE-2026-39352?
CVSS scoring is not yet available for CVE-2026-39352. Check NVD for updates.
Is there a patch for CVE-2026-39352?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.