A system user was able to create certain documents in a specific way that could lead to RCE.
There's no workaround, an upgrade is required.
Thanks to Thanh of Calif.io for reporting the issue
"https://github.com/pypa/advisory-database/blob/main/vulns/frappe/PYSEC-2026-1393.yaml"