SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information.
Upgrading is required, no other workaround is present.
"https://github.com/pypa/advisory-database/blob/main/vulns/frappe/PYSEC-2026-1391.yaml"