Frappe Framework <14.99.0 and <15.84.0 Unauthenticated SQL Injection
A critical unauthenticated SQL Injection vulnerability (CVE-2026-31877) affecting Frappe Framework allows attackers to extract sensitive database information through improperly sanitized API parameters. This article provides a proof-of-concept exploit and technical overview.