A vulnerability was found in Frappe up to 15.108.x/16.18.x. It has been declared as problematic. This issue affects the function
download_backups of the component Download Backups. Executing a manipulation can lead to path traversal.
This vulnerability is handled as CVE-2026-42219. The attack can be executed remotely. There is not any exploit available.