A vulnerability categorized as critical has been discovered in Frappe up to 15.105.x/16.15.x . Affected by this issue is some unknown functionality. The manipulation results in sql injection. This vulnerability is reported as CVE-2026-41581 . The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.