CVE-2026-46546
Deferred Deferred - Pending Action

Authenticated Stored Open Redirect in Frappe LMS

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-30
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-29
NVD
CVE-2026-46546

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
frappe lms to 2.52.0 (exc)
frappe lms 2.52.2
frappe lms 2.53.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Frappe Learning Management System (LMS) allows an authenticated user to inject specially crafted content into certain user-editable fields.

When this malicious content is displayed in the page metadata, it causes visitors' browsers to automatically redirect to a URL chosen by the attacker.

This issue affects versions prior to 2.52.0 and has been fixed in version 2.52.2 and later.

Impact Analysis

The vulnerability can cause visitors to your LMS site to be redirected to attacker-controlled websites without their consent.

This can lead to phishing attacks, exposure to malicious content, or other unwanted actions initiated by the attacker.

Since the attacker needs to be an authenticated user to exploit this, it may also indicate potential risks related to user account security.

Detection Guidance

Detection of this vulnerability involves identifying if your Frappe Learning Management System (LMS) instance is running a version prior to 2.52.2, as those versions are vulnerable.

You can check the installed version of Frappe LMS by running commands that display the software version, such as:

  • Check the version via the application interface or command line, for example: `frappe --version` or by inspecting the version file or metadata in your installation directory.

Additionally, to detect exploitation attempts, monitor HTTP requests and responses for unusual redirects or injected metadata that cause browsers to navigate to attacker-chosen URLs.

Mitigation Strategies

The immediate mitigation step is to upgrade your Frappe LMS installation to version 2.52.2 or later, as the vulnerability has been patched in these versions.

Until the upgrade is applied, restrict authenticated user input in user-editable fields that are surfaced in page metadata to prevent injection of specially crafted content.

Also, monitor your web traffic for suspicious redirects and consider implementing web application firewall (WAF) rules to block malicious payloads targeting this vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46546. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart