Security Advisory

CVE-2026-39351

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-07 18:52:01

Last updated 2026-04-09 16:10:37

Assigner GitHub_M

State PUBLISHED

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.