CVE-2026-39352

🔶 medium

Summary

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.

CVSS Score

EPSS Score

0.1

Exploit Probability

Published Date

2026-05-20

First Seen: 2026-05-21

🎯 CISA SSVC Assessment Updated: May 21, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-05-21

Source NVD 🔗

CVSS Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE IDs (Weakness Types)

CWE-22

CVE-2026-39352

Summary

🎯 CISA SSVC Assessment Updated: May 21, 2026

📦 Affected Products 0

🔗 References 2