VYPR
Medium severity4.9NVD Advisory· Published Apr 7, 2026· Updated Apr 9, 2026

CVE-2026-39345

CVE-2026-39345

Description

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This vulnerability is fixed in 5.8.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:orangehrm:orangehrm:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:orangehrm:orangehrm:*:*:*:*:*:*:*:*range: >=5.0,<5.8.1
    • (no CPE)range: 5.0 - 5.8

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.