CVE-2026-41482
Frappe: Possible Path Traversal and Local File Inclusion via Chrome PDF Generator
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
frappe · frappeReferencias
https://github.com/frappe/frappe/commit/11066591ed7aa91a7b742f3f689277a90e620ce0https://github.com/frappe/frappe/commit/46841f7fde3954e1d3b3a7e248a6d6022343e657https://github.com/frappe/frappe/pull/38643https://github.com/frappe/frappe/pull/39396https://github.com/frappe/frappe/releases/tag/v16.18.3https://github.com/frappe/frappe/security/advisories/GHSA-234v-jfr8-v2f8