Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and internal documents across unrelated users or teams.

Basic Information

ID CVE-2026-40867

Source GitHub_M

Published Apr 21, 2026 at 18:16

Affected Product

Vendor horilla-opensource

Product horilla

Version 1.5.0

Affected Versions horilla-opensource horilla 1.5.0

CWE Classification

CWE-284 CWE-639

References

github.com /horilla/horilla-hr/security/advisories/GHSA-j6qp-j853-qrff

{
    "lastseen": "",
    "description": "Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and internal documents across unrelated users or teams.",
    "published": "2026-04-21T18:16:29.345Z",
    "modified": "2026-04-21T18:16:29.345Z",
    "type": "cve",
    "title": "Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation",
    "source": "GitHub_M",
    "references": "https://github.com/horilla/horilla-hr/security/advisories/GHSA-j6qp-j853-qrff",
    "id": "CVE-2026-40867",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "horilla-opensource horilla 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "horilla",
    "version": "1.5.0",
    "vendor": "horilla-opensource",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation_CVE-2026-40867