CVE-2026-41482

Source
https://cve.org/CVERecord?id=CVE-2026-41482
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41482.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41482
Aliases
  • GHSA-234v-jfr8-v2f8
Published
2026-07-10T21:20:36.507Z
Modified
2026-07-16T03:31:09.797825609Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Frappe: Possible Path Traversal and Local File Inclusion via Chrome PDF Generator
Details

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41482.json",
    "cwe_ids": [
        "CWE-22"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/frappe/frappe

Affected ranges

Type
GIT
Repo
https://github.com/frappe/frappe
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.18.3"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

12.*
12.0.0
4.*
4.0.0
4.0.0-beta1
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v11.*
v11.0.0-beta
v12.*
v12.0.0
v12.0.1
v12.0.10
v12.0.11
v12.0.12
v12.0.13
v12.0.14
v12.0.15
v12.0.16
v12.0.2
v12.0.3
v12.0.4
v12.0.5
v12.0.6
v12.0.7
v12.0.8
v12.0.9
v16.*
v16.0.0
v16.0.0-beta.1
v16.1.0
v16.1.1
v16.10.0
v16.10.1
v16.10.10
v16.10.2
v16.10.3
v16.10.4
v16.10.5
v16.10.6
v16.10.7
v16.10.8
v16.10.9
v16.11.0
v16.12.0
v16.12.1
v16.12.2
v16.13.0
v16.14.0
v16.15.0
v16.16.0
v16.17.0
v16.17.1
v16.17.2
v16.17.3
v16.17.4
v16.17.5
v16.18.0
v16.18.1
v16.18.2
v16.2.0
v16.2.1
v16.3.0
v16.4.0
v16.4.1
v16.5.0
v16.6.0
v16.7.0
v16.8.0
v16.8.1
v16.9.0
v3.*
v3.1.0
v3.1.1
Other
v4-beta2
v4.*
v4.0.1
v4.10.0
v4.10.1
v4.10.2
v4.11.0
v4.11.1
v4.11.2
v4.11.3
v4.11.4
v4.12.0
v4.12.1
v4.12.2
v4.13.0
v4.13.1
v4.13.2
v4.13.3
v4.13.4
v4.13.5
v4.13.6
v4.14.0
v4.14.1
v4.14.2
v4.14.3
v4.3.0
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.5.6
v4.5.7
v4.5.8
v4.5.9
v4.6.0
v4.6.1
v4.7.0
v4.7.1
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v5.*
v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.13
v5.0.14
v5.0.15
v5.0.16
v5.0.17
v5.0.18
v5.0.19
v5.0.2
v5.0.20
v5.0.21
v5.0.22
v5.0.23
v5.0.24
v5.0.25
v5.0.26
v5.0.27
v5.0.28
v5.0.29
v5.0.3
v5.0.30
v5.0.31
v5.0.32
v5.0.33
v5.0.34
v5.0.35
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.2.0
v5.2.1
v5.2.2
v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.1.0
v6.1.1
v6.1.2
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.11.0
v6.12.0
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.13.0
v6.13.1
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.14.0
v6.14.1
v6.15.0
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.16.0
v6.16.1
v6.16.2
v6.16.3
v6.16.4
v6.17.0
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.17.5
v6.17.6
v6.18.0
v6.18.1
v6.19.0
v6.19.1
v6.19.2
v6.19.3
v6.2.0
v6.20.0
v6.20.1
v6.20.2
v6.21.0
v6.22.0
v6.22.1
v6.22.2
v6.22.3
v6.22.4
v6.22.5
v6.22.6
v6.22.7
v6.23.0
v6.23.1
v6.23.2
v6.23.3
v6.24.0
v6.24.1
v6.24.10
v6.24.2
v6.24.3
v6.24.4
v6.24.5
v6.24.6
v6.24.7
v6.24.8
v6.24.9
v6.25.0
v6.25.1
v6.25.2
v6.25.3
v6.25.4
v6.25.5
v6.25.6
v6.26.0
v6.26.1
v6.26.2
v6.26.3
v6.26.4
v6.26.5
v6.26.6
v6.27.0
v6.27.1
v6.27.10
v6.27.11
v6.27.12
v6.27.13
v6.27.14
v6.27.15
v6.27.16
v6.27.17
v6.27.18
v6.27.19
v6.27.2
v6.27.20
v6.27.21
v6.27.22
v6.27.23
v6.27.24
v6.27.3
v6.27.4
v6.27.5
v6.27.6
v6.27.7
v6.27.8
v6.27.9
v6.3.0
v6.4.0
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.6.0
v6.6.1
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.7.0
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8.0
v6.8.1
v6.8.2
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v7.*
v7.0.0
v7.0.1
v7.0.10
v7.0.11
v7.0.12
v7.0.13
v7.0.14
v7.0.15
v7.0.16
v7.0.17
v7.0.18
v7.0.19
v7.0.2
v7.0.20
v7.0.21
v7.0.22
v7.0.23
v7.0.24
v7.0.25
v7.0.26
v7.0.27
v7.0.28
v7.0.29
v7.0.3
v7.0.30
v7.0.31
v7.0.32
v7.0.33
v7.0.34
v7.0.35
v7.0.36
v7.0.37
v7.0.38
v7.0.39
v7.0.4
v7.0.40
v7.0.41
v7.0.42
v7.0.43
v7.0.44
v7.0.45
v7.0.46
v7.0.47
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.1.0
v7.1.1
v7.1.10
v7.1.11
v7.1.12
v7.1.13
v7.1.14
v7.1.15
v7.1.16
v7.1.17
v7.1.18
v7.1.19
v7.1.2
v7.1.20
v7.1.21
v7.1.22
v7.1.23
v7.1.24
v7.1.25
v7.1.26
v7.1.27
v7.1.28
v7.1.29
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.1.9
v7.2.0
v7.2.1
v7.2.10
v7.2.11
v7.2.12
v7.2.13
v7.2.14
v7.2.15
v7.2.16
v7.2.17
v7.2.18
v7.2.19
v7.2.2
v7.2.20
v7.2.21
v7.2.22
v7.2.23
v7.2.24
v7.2.25
v7.2.26
v7.2.27
v7.2.28
v7.2.29
v7.2.3
v7.2.30
v7.2.31
v7.2.4
v7.2.5
v7.2.6
v7.2.7
v7.2.8
v7.2.9
v8.*
v8.0.0
v8.0.1
v8.0.10
v8.0.11
v8.0.12
v8.0.13
v8.0.14
v8.0.15
v8.0.16
v8.0.17
v8.0.18
v8.0.19
v8.0.2
v8.0.20
v8.0.21
v8.0.22
v8.0.23
v8.0.24
v8.0.25
v8.0.26
v8.0.27
v8.0.28
v8.0.29
v8.0.3
v8.0.30
v8.0.31
v8.0.32
v8.0.33
v8.0.34
v8.0.35
v8.0.36
v8.0.37
v8.0.38
v8.0.39
v8.0.4
v8.0.40
v8.0.41
v8.0.42
v8.0.43
v8.0.44
v8.0.45
v8.0.46
v8.0.47
v8.0.48
v8.0.49
v8.0.5
v8.0.50
v8.0.51
v8.0.52
v8.0.53
v8.0.54
v8.0.55
v8.0.56
v8.0.57
v8.0.58
v8.0.59
v8.0.6
v8.0.60
v8.0.61
v8.0.62
v8.0.63
v8.0.64
v8.0.65
v8.0.66
v8.0.67
v8.0.68
v8.0.69
v8.0.7
v8.0.70
v8.0.71
v8.0.8
v8.0.9
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.10.0
v8.10.1
v8.10.2
v8.10.3
v8.10.4
v8.10.5
v8.10.6
v8.10.7
v8.10.8
v8.10.9
v8.2.0
v8.2.1
v8.2.2
v8.2.3
v8.2.4
v8.2.5
v8.2.6
v8.2.7
v8.3.0
v8.3.1
v8.3.10
v8.3.2
v8.3.3
v8.3.4
v8.3.5
v8.3.6
v8.3.7
v8.3.8
v8.3.9
v8.4.0
v8.4.1
v8.5.0
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.5.6
v8.5.7
v8.5.8
v8.6.0
v8.6.1
v8.6.2
v8.6.3
v8.6.4
v8.6.5
v8.6.6
v8.6.7
v8.6.8
v8.7.0
v8.7.1
v8.7.10
v8.7.11
v8.7.2
v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.8.0
v8.8.1
v8.8.2
v8.8.3
v8.8.4
v8.8.5
v8.9.0
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v9.*
v9.0.0
v9.0.1
v9.0.10
v9.0.2
v9.0.3
v9.0.4
v9.0.5
v9.0.6
v9.0.7
v9.0.8
v9.0.9
v9.1.0
v9.1.1
v9.1.10
v9.1.11
v9.1.2
v9.1.3
v9.1.4
v9.1.5
v9.1.6
v9.1.7
v9.1.8
v9.1.9
v9.2.0
v9.2.1
v9.2.10
v9.2.11
v9.2.12
v9.2.13
v9.2.14
v9.2.15
v9.2.16
v9.2.17
v9.2.18
v9.2.19
v9.2.2
v9.2.20
v9.2.21
v9.2.22
v9.2.23
v9.2.24
v9.2.25
v9.2.3
v9.2.4
v9.2.5
v9.2.6
v9.2.7
v9.2.8
v9.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41482.json"