CVE-2026-46546
Received Received - Intake
Authenticated Stored Open Redirect in Frappe LMS

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-10
AI Q&A
2026-06-10
EPSS Evaluated
N/A
NVD
CVE-2026-46546
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
frappe lms to 2.52.0 (exc)
frappe lms 2.52.2
frappe lms 2.53.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Frappe Learning Management System (LMS) allows an authenticated user to inject specially crafted content into certain user-editable fields.

When this malicious content is displayed in the page metadata, it causes visitors' browsers to automatically redirect to a URL chosen by the attacker.

This issue affects versions prior to 2.52.0 and has been fixed in version 2.52.2 and later.

Impact Analysis

The vulnerability can cause visitors to your LMS site to be redirected to attacker-controlled websites without their consent.

This can lead to phishing attacks, exposure to malicious content, or other unwanted actions initiated by the attacker.

Since the attacker needs to be an authenticated user to exploit this, it may also indicate potential risks related to user account security.

Detection Guidance

Detection of this vulnerability involves identifying if your Frappe Learning Management System (LMS) instance is running a version prior to 2.52.2, as those versions are vulnerable.

You can check the installed version of Frappe LMS by running commands that display the software version, such as:

  • Check the version via the application interface or command line, for example: `frappe --version` or by inspecting the version file or metadata in your installation directory.

Additionally, to detect exploitation attempts, monitor HTTP requests and responses for unusual redirects or injected metadata that cause browsers to navigate to attacker-chosen URLs.

Mitigation Strategies

The immediate mitigation step is to upgrade your Frappe LMS installation to version 2.52.2 or later, as the vulnerability has been patched in these versions.

Until the upgrade is applied, restrict authenticated user input in user-editable fields that are surfaced in page metadata to prevent injection of specially crafted content.

Also, monitor your web traffic for suspicious redirects and consider implementing web application firewall (WAF) rules to block malicious payloads targeting this vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46546. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart