CVE-2026-29077

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.98.0 Frappe versions prior to 14.100.0

Description Frappe is a full-stack web application framework. A flaw exists due to insufficient validation during document sharing, potentially allowing a user to share a document with permissions exceeding their own access rights.

Recommendations Update to Frappe version 15.98.0 or later. Update to Frappe version 14.100.0 or later.

Exploit

Fix

LPE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-602

Related Identifiers

CVE-2026-29077

GHSA-5H4C-9P23-4C3M

Affected Products

Frappe

CVE-2026-29077

Weakness Enumeration

Related Identifiers

Affected Products

References · 6