CVE-2026-50026
Frappe: Lack of permissions checks in 'relink' and 'set_email_password' endpoints
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
9th
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.
| CWE | CWE-862 |
| Vendor | frappe |
| Product | frappe |
| Published | Jun 12, 2026 |
| Last Updated | Jun 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for frappe frappe
Be the first to know when new unknown vulnerabilities affecting frappe frappe are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
frappe / frappe
< 15.107.0 < 16.17.0