High severityNVD Advisory· Published Apr 21, 2026· Updated Apr 22, 2026
CVE-2026-40865
CVE-2026-40865
Description
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR files such as identity documents, contracts, certificates, and other private employee records.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 1.5.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.