A vulnerability, which was classified as critical , has been found in Frappe LMS up to 2.50.0 . This impacts an unknown function of the component SCORM ZIP Package Handler . The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-39405 . The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.