CVE-2026-26977

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions 2.44.0 and below

Description Frappe Learning Management System (LMS) allows unauthorized users to access details of unpublished courses through API endpoints. The system is designed to help users structure content.

Recommendations Update to version 2.45.0 or later.

Exploit

Fix

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

CVE-2026-26977

GHSA-26VF-P39Q-FRX3

Affected Products

Frappe Learning Management System

CVE-2026-26977

Weakness Enumeration

Related Identifiers

Affected Products

References · 5