CVE-2026-26031

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-26031

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26031.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-26031

Aliases

GHSA-3gw9-gwjm-vcq5

Published

2026-02-11T21:32:15.323Z

Modified

2026-03-03T01:22:58.974808Z

Severity

1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students

Details

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This vulnerability is fixed in 2.44.0.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26031.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ]
}

References

Affected packages

Git / github.com/frappe/lms

Affected ranges

Type: GIT
Repo: https://github.com/frappe/lms
Events: Introduced

63d613a88e10e23851bc6d76d0daa2de0c753c21

Fixed

94f9801d3fbfb39ebab2b467f9c06c4061606ef8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26031.json"