CVE-2026-29077
📋 TL;DR
This vulnerability in Frappe framework allows authenticated users to share documents with permissions they don't possess, potentially granting unauthorized access to sensitive data. All Frappe installations running vulnerable versions are affected. The issue stems from improper access control validation during document sharing operations.
💻 Affected Systems
- Frappe Framework
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated user could escalate privileges by sharing sensitive documents with themselves or others using higher permissions than authorized, potentially accessing confidential business data, financial records, or personally identifiable information.
Likely Case
Internal users accidentally or intentionally sharing documents beyond their intended scope, leading to data exposure within the organization but not necessarily privilege escalation.
If Mitigated
With proper network segmentation and least-privilege access controls, impact would be limited to unauthorized document access within the same security zone.
🎯 Exploit Status
Exploitation requires authenticated access to the Frappe application. The vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.98.0 or 14.100.0
Vendor Advisory: https://github.com/frappe/frappe/security/advisories/GHSA-5h4c-9p23-4c3m
Restart Required: Yes
Instructions:
1. Backup your Frappe installation and database. 2. Update Frappe using bench update command: bench update --frappe. 3. Verify the update completed successfully. 4. Restart the Frappe application services.
🔧 Temporary Workarounds
Disable Document Sharing
allTemporarily disable document sharing functionality to prevent exploitation
bench --site [site-name] set-config disable_document_sharing true
Restrict User Permissions
allImplement strict role-based access control and review all user permissions
🧯 If You Can't Patch
- Implement network segmentation to isolate Frappe instances from sensitive data stores
- Enable detailed audit logging for all document sharing operations and monitor for anomalies
🔍 How to Verify
Check if Vulnerable:
Check Frappe version using: bench versionCheck Version:
bench versionVerify Fix Applied:
Verify version is 15.98.0 or higher (for v15) or 14.100.0 or higher (for v14)📡 Detection & Monitoring
Log Indicators:
- Unusual document sharing patterns
- Users sharing documents with permissions they shouldn't have
- Multiple failed permission validation attempts
Network Indicators:
- Increased API calls to document sharing endpoints from single users
SIEM Query:
source="frappe_logs" AND (event="document_share" OR event="permission_check") AND result="success" WHERE user_permissions NOT IN allowed_permissions