CVE-2026-31878 Frappe — Exploit & Vulnerability Details MEDIUM

CVE-2026-31878

MEDIUM CVSS 3.1: 5.0 EPSS 0.03%

Parameter	Value
CVSS	5.0 (MEDIUM)
Fixed In	14.100.1
Type	CWE-918 (Server-Side Request Forgery (SSRF))
Vendor	Frappe
Public PoC	No

Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6.0.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-918 Server-Side Request Forgery (SSRF)

References 1

https://github.com/frappe/frappe/security/advisories/GHSA-mggg-hmjm-j6c2

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-39351

Frappe

6.9

CVE-2026-35614

Frappe

9.3

CVE-2026-31879

Frappe

5.1

CVE-2026-31877

Frappe

9.3

CVE-2026-29081

Frappe

6.5

Menu

CVE-2026-31878

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-39351

CVE-2026-35614

CVE-2026-31879

CVE-2026-31877

CVE-2026-29081

CVE Details

Editor's Choice

Menu

CVE-2026-31878

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-39351

CVE-2026-35614

CVE-2026-31879

CVE-2026-31877

CVE-2026-29081

CVE Details

Editor's Choice

Stay informed on cybersecurity