Critical severityNVD Advisory· Published May 20, 2026· Updated May 21, 2026
CVE-2026-39405
CVE-2026-39405
Description
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.50.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.