Horilla: Insecure Direct Object Reference at `/employee/view-file/_CVE-2026-40865

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR files such as identity documents, contracts, certificates, and other private employee records.

Basic Information

ID CVE-2026-40865

Source GitHub_M

Published Apr 21, 2026 at 18:14

Modified Apr 21, 2026 at 18:45

Affected Product

Vendor horilla-opensource

Product horilla

Version 1.5.0

Affected Versions horilla-opensource horilla 1.5.0

CWE Classification

CWE-284 CWE-639

References

github.com /horilla/horilla-hr/security/advisories/GHSA-85cj-fwjh-fjv7

{
    "lastseen": "",
    "description": "Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees\u2019 uploaded documents by changing the document ID in the request. This exposes sensitive HR files such as identity documents, contracts, certificates, and other private employee records.",
    "published": "2026-04-21T18:14:19.523Z",
    "modified": "2026-04-21T18:45:50.143Z",
    "type": "cve",
    "title": "Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>",
    "source": "GitHub_M",
    "references": "https://github.com/horilla/horilla-hr/security/advisories/GHSA-85cj-fwjh-fjv7",
    "id": "CVE-2026-40865",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "horilla-opensource horilla 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "horilla",
    "version": "1.5.0",
    "vendor": "horilla-opensource",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}