Frappe Learning Management System Unpublished Course Details Access Vulnerability

Vulnerability

A vulnerability exists in Frappe Learning Management System (LMS) versions 2.44.0 and prior, allowing unauthorized users to access details of unpublished courses through API endpoints. This issue is set to be addressed in the upcoming 2.45.0 release.

Impact

The vulnerability enables unauthorized access to information about unpublished courses via API endpoints.

Remediation

Users can upgrade to Frappe LMS version 2.45.0, where this issue has been fixed. In the patched version, the endpoint verifies the publication status of the course, ensuring that only admins and enrolled students can access the details.
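The check described above can be modelled as follows. This is an added example, not code from Frappe LMS: the course records, the `admin` role name, the function names and the choice to treat published courses as readable by any caller are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class NotPermitted(Exception):
    """Raised for both missing and forbidden courses, so the two look alike."""

@dataclass
class Course:
    title: str
    published: bool
    enrolled: set = field(default_factory=set)

# Constructed sample data; names and fields are illustrative, not the LMS schema.
COURSES = {
    "intro-python": Course("Intro to Python", published=True),
    "draft-crypto": Course("Applied Crypto (draft)", published=False,
                           enrolled={"student@example.com"}),
}
ADMIN_ROLE = "admin"  # hypothetical role name

def details_unchecked(name):
    """Flawed pattern: any caller who knows the name gets the details."""
    course = COURSES[name]
    return {"title": course.title, "published": course.published}

def can_view(course, user, roles):
    """Published courses are open; unpublished ones need admin or enrollment."""
    if course.published:
        return True
    return ADMIN_ROLE in roles or (user is not None and user in course.enrolled)

def details_checked(name, user=None, roles=()):
    """Hardened pattern: authorize before any course field is returned."""
    course = COURSES.get(name)
    if course is None or not can_view(course, user, roles):
        raise NotPermitted(name)
    return {"title": course.title, "published": course.published}

def exposed_to(user=None, roles=()):
    """Regression helper: which courses does this caller actually see?"""
    visible = []
    for name in sorted(COURSES):
        try:
            details_checked(name, user, roles)
            visible.append(name)
        except NotPermitted:
            pass
    return visible
```

Running `exposed_to()` with no user after an upgrade-style change is a quick regression check that no unpublished course is returned to an anonymous caller.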

Added: Feb 20, 2026, 2:35 AM
Updated: Feb 20, 2026, 2:35 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.