Frappe: >> Frappe >> 15.103.3 Security Vulnerabilities
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-04-07
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 and 15.104.0.
CVSS Score
9.3
EPSS Score
0.0
Published
2026-04-07