Frappe Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Frappe web application framework, affecting versions prior to 14.100.1, 15.100.0, and 16.6.0. A malicious user can send a crafted request to an affected endpoint and cause the server itself to make an HTTP call to a service of the user's choosing.

Impact

Exploitation of this vulnerability could allow an authenticated user to make the server initiate HTTP requests to arbitrary services, potentially leading to unauthorized data access or interaction with internal services.
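The advisory does not name the affected endpoint or describe the upstream fix, so the following is an added, generic illustration of the defence an SSRF-prone "fetch this URL for me" handler needs, not Frappe's code. It validates a user-supplied URL before any outbound request: the scheme is restricted, embedded credentials are refused, the host is resolved, and every resolved address must be globally routable (loopback, RFC 1918, link-local including the 169.254.169.254 metadata range, CGNAT, IPv4-mapped IPv6 and unspecified addresses are all rejected). The resolved addresses are returned so the caller can connect to exactly what was checked rather than resolving the name a second time. `ALLOWED_SCHEMES`, `system_resolve`, `validate_outbound_url` and the sample hostnames are all assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical outbound policy for this example: only plain web fetches.
ALLOWED_SCHEMES = {"http", "https"}


def system_resolve(host):
    """Resolve a hostname to every A/AAAA address the system resolver returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_str):
    """True only for globally routable addresses.

    Loopback, RFC 1918, link-local (which covers 169.254.169.254-style
    metadata services), CGNAT 100.64/10, multicast, reserved and unspecified
    addresses all return False.
    """
    ip = ipaddress.ip_address(ip_str)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1) so IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def validate_outbound_url(url, resolve=system_resolve):
    """Check a user-supplied URL before the server fetches it.

    Returns the list of resolved addresses the caller should connect to
    directly, so the address that was checked is the one that is used
    (re-resolving the name later would reopen the DNS-rebinding window).
    Raises ValueError for anything the policy does not allow.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise ValueError("credentials embedded in the URL are not allowed")
    host = parsed.hostname
    if not host:
        raise ValueError("URL has no host")

    # An IP literal needs no lookup; a name must be resolved and every answer checked.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        raise ValueError(f"{host!r} did not resolve")

    non_public = [a for a in addresses if not is_public_address(a)]
    if non_public:
        raise ValueError(f"{host!r} resolves to non-public address(es): {non_public}")
    return addresses


def is_url_allowed(url, resolve=system_resolve):
    """Boolean convenience wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, resolve=resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed resolver answers so the demo runs offline.
    fake_dns = {
        "api.example.com": ["8.8.8.8"],
        "internal.example.com": ["8.8.8.8", "10.0.0.5"],  # one private answer is enough to fail
    }
    offline_resolve = lambda host: fake_dns.get(host, [])
    for candidate in (
        "https://api.example.com/v1/report",
        "https://internal.example.com/",
        "http://127.0.0.1:8000/api/method/ping",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/hosts",
    ):
        print(f"{candidate:45} allowed={is_url_allowed(candidate, resolve=offline_resolve)}")
```

Rejecting only string prefixes such as `localhost` or `127.` is not enough; the check has to operate on the resolved addresses, and a single private answer among several must fail the whole request. A fetch layer that follows redirects needs to re-run the same check on every hop.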

Remediation

Users are advised to upgrade to Frappe versions 14.100.1, 15.100.0, or 16.6.0.

Added: Mar 11, 2026, 7:29 PM
Updated: Mar 11, 2026, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread          5.2
impact          0.0
exploitability  4.8
remediation     7.7
relevance       3.8
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.