CVE Database · CVE-2026-44207
CVSS v3.1
N/A
CVSS v4.0
6.9
EPSS
0.32%
Published
Jun 12, 2026
Modified
Jun 12, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0.
Weaknesses (CWE)
