Critical severity9.1NVD Advisory· Published Apr 7, 2026· Updated Apr 10, 2026
CVE-2026-39351
CVE-2026-39351
Description
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/frappe/frappe/security/advisories/GHSA-8ggw-hfr6-rw3xnvdVendor Advisory
News mentions
0No linked articles in our index yet.