Primary

Context

Frappe Learning Management System Unauthorized Student List Access Vulnerability

Vulnerability

Patched

A vulnerability in Frappe Learning Management System (LMS) versions prior to 2.44.0 allowed unauthorized users to access the full list of enrolled students' emails in batches. This issue has been addressed in version 2.44.0.

Impact

Exploitation of this vulnerability allowed unauthorized users to access sensitive information, specifically the emails of all students enrolled in a course, in batches.

Remediation

Users can update to Frappe LMS version 2.44.0 or later to address this vulnerability. Instructions for updating can be found in the Frappe LMS GitHub repository.

Added: Feb 11, 2026, 10:19 PM

Updated: Feb 11, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.8

remediation

7.7

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.8

remediation

7.7

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Frappe Learning Management System Unauthorized Student List Access Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Frappe Learning Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating