CVE-2026-39405 | Frappe LMS up to 2.50.0 SCORM ZIP Package path traversal (GHSA-mxh7-g3r7-g96h)

Inserito da Angelo Barbosa | Mag 20, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Frappe LMS up to 2.50.0. This impacts an unknown function of the component SCORM ZIP Package Handler. The manipulation leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-39405. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-39405 | Frappe LMS up to 2.50.0 SCORM ZIP Package path traversal (GHSA-mxh7-g3r7-g96h)

Post correlati

CVE-2026-29073 | SiYuan up to 3.5.x /api/query/sql authorization

CVE-2025-47161 | Microsoft Defender for Endpoint prior 101.25022.0002 on Linux access control

CVE-2025-71102 | Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 __scs_magic denial of service

CVE-2025-11004 | Silabs Simplicity Device Manager API Endpoint cross site scripting