Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.
CVSS
No CVSS.
References
Configurations
No configuration.
History
12 Jun 2026, 16:20
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-12 16:16
Updated : 2026-06-12 16:20
NVD link : CVE-2026-44976
Mitre link : CVE-2026-44976
CVE.ORG link : CVE-2026-44976
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control