← voltar
CVE-2026-44207

Frappe: Insecure Direct Object Reference for email accounts

CVSS 6.9 MEDIUMEPSS 0.3%CWE-639
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
frappe · frappe

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/frappe/frappe/security/advisories/GHSA-cw6v-39qx-7r74