๐Ÿ” CVE Alert

CVE-2026-41581

UNKNOWN 0.0

Frappe Vulnerable to Possible SQL Injection via get_blog_list

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
5th

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0.

CWE CWE-89
Vendor frappe
Product frappe
Published Jun 12, 2026
Last Updated Jun 12, 2026
Stay Ahead of the Next One

Get instant alerts for frappe frappe

Be the first to know when new unknown vulnerabilities affecting frappe frappe are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

frappe / frappe
< 15.106.0 < 16.16.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/frappe/frappe/security/advisories/GHSA-h9hf-57r4-cm65