Frappe Vulnerabilities
Comprehensive security vulnerability database for Frappe products
1
1
0
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-27471 | 9.3 | This vulnerability allows an attacker to access sensitive documents in the ERPNext system without proper authorization, potentially exposing confidential information. It affects versions up to 15.98.0 and 16.0.0-rc.1 and requires the attacker to have access to certain endpoints that do not properly check user permissions. | frappeerpnext | Theoretical | about 2 months agoFeb 21, 2026 |
About Frappe Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Frappe products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.