A vulnerability identified as critical has been detected in Frappe up to 16.18.x. The impacted element is an unknown function of the component Workspace Manager. This manipulation causes authorization bypass.

The identification of this vulnerability is CVE-2026-49394. It is possible to initiate the attack remotely. There is no exploit available.