cvedb.io
CVE-2026-26977
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-02-20T02:16:54.057 · Last modified 2026-06-17T10:26:28.427

Summary

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.

Affected products

frappe — learning

Does this affect you?

Add your gear to cvedb and we'll alert you only when frappe ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.