Frappe Document Sharing Vulnerability Allowing Improper Permission Granting

Vulnerability

A broken access control vulnerability has been identified in the Frappe web application framework, affecting versions prior to 15.98.0 and 14.100.0. The issue arises from insufficient validation during the document sharing process, allowing users to share documents with permissions they did not possess. This vulnerability has been addressed in versions 15.98.0 and 14.100.0.
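A simplified model of the flaw class described above, added here as an example and not taken from Frappe's code base: a share routine that checks only whether the sharer may share, next to one that also requires every granted permission to be held by the sharer, plus an audit over recorded shares. The permission names, the ACL layout, the sample users and document, and all function names are assumptions made for this illustration.

```python
# Added illustration: a simplified model, not Frappe's code.
# Permission names, the ACL layout and all function names are assumptions.
PERMS = {"read", "write", "submit", "share"}


def held(acl, user, doc):
    """Permissions `user` holds on `doc` in this toy ACL."""
    return acl.get((user, doc), frozenset())


def share_unchecked(acl, sharer, grantee, doc, grant):
    """Flawed pattern: checks only that the sharer may share at all."""
    if "share" not in held(acl, sharer, doc):
        raise PermissionError("sharer may not share this document")
    acl[(grantee, doc)] = held(acl, grantee, doc) | frozenset(grant)


def share_checked(acl, sharer, grantee, doc, grant):
    """Hardened pattern: every granted permission must be held by the sharer."""
    grant = frozenset(grant)
    if not grant <= PERMS:
        raise ValueError(f"unknown permissions: {sorted(grant - PERMS)}")
    mine = held(acl, sharer, doc)
    if "share" not in mine:
        raise PermissionError("sharer may not share this document")
    excess = grant - mine
    if excess:
        raise PermissionError(f"sharer lacks: {sorted(excess)}")
    acl[(grantee, doc)] = held(acl, grantee, doc) | grant


def audit_shares(acl, share_log):
    """Flag recorded shares whose grant exceeds the sharer's current rights."""
    return [
        (sharer, grantee, doc, sorted(frozenset(grant) - held(acl, sharer, doc)))
        for sharer, grantee, doc, grant in share_log
        if frozenset(grant) - held(acl, sharer, doc)
    ]


if __name__ == "__main__":
    # Constructed sample: alice can read and share INV-1 but cannot write it.
    acl = {("alice", "INV-1"): frozenset({"read", "share"})}
    share_unchecked(acl, "alice", "bob", "INV-1", {"read", "write"})
    print("unchecked grant gave bob:", sorted(held(acl, "bob", "INV-1")))
    print("audit:", audit_shares(acl, [("alice", "bob", "INV-1", {"read", "write"})]))
    try:
        share_checked(acl, "alice", "carol", "INV-1", {"read", "write"})
    except PermissionError as exc:
        print("checked grant refused:", exc)
```

The audit compares each recorded grant with the sharer's rights at the time of the audit, so a share made before the sharer's own rights were reduced is also flagged and needs manual review.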

Impact

Exploitation of this vulnerability could lead to unauthorized permission grants, allowing users to access or modify documents beyond their intended rights.

Remediation

Users are advised to upgrade to Frappe versions 15.98.0 or 14.100.0.

Added: Mar 5, 2026, 9:17 PM
Updated: Mar 5, 2026, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 3.1
exploitability: 5.4
remediation: 7.7
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.