Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.

Basic Information

ID CVE-2026-41513

Source GitHub_M

Published May 12, 2026 at 16:43

Affected Product

Vendor horilla

Product horilla-hr

Version <= 1.5.0

Affected Versions horilla horilla-hr <= 1.5.0

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.",
    "published": "2026-05-12T16:43:50.706Z",
    "modified": "2026-05-12T16:43:50.706Z",
    "type": "cve",
    "title": "Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints",
    "source": "GitHub_M",
    "references": "https://github.com/horilla/horilla-hr/security/advisories/GHSA-vqg4-fc32-cwvw\nhttps://github.com/horilla/horilla-hr/commit/734f0c7ed4ac96fe8615d1b592180ea8a46eb8b6",
    "id": "CVE-2026-41513",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "horilla horilla-hr <= 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "horilla-hr",
    "version": "<= 1.5.0",
    "vendor": "horilla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints_CVE-2026-41513