CVE-2026-40866

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload request. This enables unauthorized modification of HR records.

CVSS

No CVSS.

References

Link	Resource
https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7
https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7

Configurations

No configuration.

History

21 Apr 2026, 20:17

Type	Values Removed	Values Added
References	~~() https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7 -~~	() https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7 -

21 Apr 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-21 19:16

Updated : 2026-04-22 21:05

NVD link : CVE-2026-40866

Mitre link : CVE-2026-40866

CVE.ORG link : CVE-2026-40866

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2026-40866", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-21T19:16:18.170", "references": [{"url": "https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7", "source": "security-advisories@github.com"}, {"url": "https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee\u2019s document by changing the document ID in the upload request. This enables unauthorized modification of HR records."}], "lastModified": "2026-04-22T21:05:56.673", "sourceIdentifier": "security-advisories@github.com"}