๐Ÿ” CVE Alert

CVE-2026-44976

UNKNOWN 0.0

Frappe: IDOR in update_onboarding_step

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
5th

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

CWE CWE-284
Vendor frappe
Product frappe
Published Jun 12, 2026
Last Updated Jun 12, 2026
Stay Ahead of the Next One

Get instant alerts for frappe frappe

Be the first to know when new unknown vulnerabilities affecting frappe frappe are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

frappe / frappe
< 16.17.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/frappe/frappe/security/advisories/GHSA-78rj-jch8-42m8