CVE-2026-47182 MEDIUM

CVE-2026-47182: Frappe: Broken Access Control on Private Files

Vendor Frappe

Product frappe

Weakness CWE-284

Published June 12, 2026

Last update June 12, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.

Key dates

02Disclosure timeline

June 12, 2026 CVE published

June 12, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-47182

Related vulnerabilities

04Related CVE

CVE-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic CVE-2026-5569 Technostrobe HI-LED-WR120-G2 Endpoint access control CVE-2023-28300 Azure Service Connector Security Feature Bypass Vulnerability CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation CVE-2024-13067 CodeAstro Online Food Ordering System All Users Page all_users.php access control