EUVD-2026-19861
2026-04-07
[email protected]
6.9
CVSS 4.0
Share
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X
Lifecycle Timeline
3
EUVD ID Assigned
Apr 07, 2026 - 19:22 euvd
EUVD-2026-19861
Analysis Generated
Apr 07, 2026 - 19:22 vuln.today
CVE Published
Apr 07, 2026 - 19:16 nvd
MEDIUM 6.9
Description
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.
Analysis
Frappe web application framework prior to versions 16.14.0 and 15.104.0 allows unauthenticated remote attackers to bypass access controls and retrieve restricted Doctype data through API endpoints, resulting in information disclosure of sensitive application data. The vulnerability is tagged as an authentication bypass with a CVSS 6.9 score and exploits missing authorization checks on API methods.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
35
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).