CVE-2026-26977
Frappe Learning Management System exposes details of unpublished courses to unauthorized users
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.
| CWE | CWE-862 CWE-284 |
| Vendor | frappe |
| Product | lms |
| Published | Feb 20, 2026 |
| Last Updated | Feb 20, 2026 |
Stay Ahead of the Next One
Get instant alerts for frappe lms
Be the first to know when new unknown vulnerabilities affecting frappe lms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
frappe / lms
<= 2.44.0