NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-39352

Summary	Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.
Publication Date	May 21, 2026, 5:16 a.m.
Registration Date	May 22, 2026, 4:07 a.m.
Last Update	May 22, 2026, 12:24 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/frappe/frappe/releases/tag/v16.15.0	security-advisories@github.com
2	https://github.com/frappe/frappe/security/advisories/GHSA-67rf-pxgh-vfqv	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html