A vulnerability classified as critical was found in Frappe up to 15.104.x/16.14.x . This affects an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is handled as CVE-2026-39352 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.