PT-2026-24784 · Frappe+1 · Frappe
Losevanni +1 · Published 2026-03-11 · Updated 2026-03-13 · CVE-2026-31877
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Frappe versions prior to 15.84.0 and 14.99.0
Description
Frappe is a full-stack web application framework. A specially crafted request to a certain endpoint could result in SQL injection, potentially allowing an attacker to extract information they wouldn't otherwise be able to access. The issue involves a bypass of access controls due to improper field sanitization.
Recommendations
Update to Frappe version 15.84.0 or 14.99.0.
Exploit
Fix
SQL injection
Affected Products
Frappe