High severityNVD Advisory· Published Apr 21, 2026· Updated Apr 22, 2026
CVE-2026-40866
CVE-2026-40866
Description
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload request. This enables unauthorized modification of HR records.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 1.5.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.