A vulnerability categorized as critical has been discovered in Frappe up to 15.109.x/16.19.x. The affected element is an unknown function of the component API Endpoint. The manipulation results in privilege escalation.
This vulnerability was named CVE-2026-48127. The attack may be performed from remote. There is no available exploit.