CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

CVE-2026-29081

Frappe CVE-2026-29081 affects the framework prior to versions 14.100.1 and 15.100.0, where an endpoint allowed SQL injection via specially crafted requests due to improper fieldname sanitization. Consequence: potential exposure of sensitive information. Fix: patched in 14.100.1 and 15.100.0. Evid...

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...