PT-2026-57315 · Frappe · Frappe

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-47199

CVSS v4.0

2.3

Low

VectorAV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check safe sql query permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in versions 16.18.3 and 15.108.0.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47199

Affected Products

Frappe