PYSEC-2026-1391

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/frappe/PYSEC-2026-1391.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1391
Aliases
Published
2026-07-07T14:34:58.967615Z
Modified
2026-07-07T17:47:21.868106496Z
Severity
  • 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Frappe has possibility of SQL injection due to improper validations
Details

Impact

SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information.

Workarounds

Upgrading is required, no other workaround is present.

References

Affected packages

PyPI / frappe

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.93.2
Introduced
15.0.0
Fixed
15.55.0

Affected versions

0.*
0.0.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/frappe/PYSEC-2026-1391.yaml"