Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Frappe: Malicious Document Sharing in Older Versions
CVE-2026-29077
Summary
Older versions of Frappe's document sharing feature didn't check permissions properly, allowing users to share sensitive documents with others, even if they shouldn't have access. This could lead to unauthorized access to sensitive information. To fix this, update to Frappe versions 15.98.0 or 14.100.0 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| frappe | frappe | <= 14.100.0 | – |
| frappe | frappe | > 15.0.0 , <= 15.98.0 | – |
Original title
Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that th...
Original description
Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0.
nvd CVSS3.1
7.1
Vulnerability type
CWE-284
Improper Access Control
CWE-602
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026