CVE-2026-41482
Frappe: Possible Path Traversal and Local File Inclusion via Chrome PDF Generator
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
frappe · frappeReferências
https://github.com/frappe/frappe/commit/11066591ed7aa91a7b742f3f689277a90e620ce0https://github.com/frappe/frappe/commit/46841f7fde3954e1d3b3a7e248a6d6022343e657https://github.com/frappe/frappe/pull/38643https://github.com/frappe/frappe/pull/39396https://github.com/frappe/frappe/releases/tag/v16.18.3https://github.com/frappe/frappe/security/advisories/GHSA-234v-jfr8-v2f8