A vulnerability was found in Frappe up to 15.103.x/16.13.x . It has been classified as problematic . This affects an unknown function of the component API Handler . The manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-39351 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.