Frappe has Path Transversal via SCORM_CVE-2026-39405

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1.

AI Analysis

Path traversal vulnerability via SCORM ZIP package upload

Basic Information

ID CVE-2026-39405

Source GitHub_M

Published May 20, 2026 at 19:34

Affected Product

Vendor frappe

Product lms

Version < 2.50.1

Affected Versions frappe lms < 2.50.1

CWE Classification

CWE-22

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Frappe

Product Frappe Learning Management System (LMS)

Version 2.50.0 and below

References

{
    "lastseen": "",
    "description": "Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1.",
    "published": "2026-05-20T19:34:17.498Z",
    "modified": "2026-05-20T19:34:17.498Z",
    "type": "cve",
    "title": "Frappe has Path Transversal via SCORM",
    "source": "GitHub_M",
    "references": "https://github.com/frappe/lms/security/advisories/GHSA-mxh7-g3r7-g96h\nhttps://github.com/frappe/lms/releases/tag/v2.50.1",
    "id": "CVE-2026-39405",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "frappe lms < 2.50.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "lms",
    "version": "< 2.50.1",
    "vendor": "frappe",
    "ai_description": "Path traversal vulnerability via SCORM ZIP package upload",
    "ai_severity": "Critical",
    "ai_vendor": "Frappe",
    "ai_product": "Frappe Learning Management System (LMS)",
    "ai_version": "2.50.0 and below",
    "ai_score": 9.4
}