CVE-2026-40888

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are available.

Vulnerability Details

Published Date

April 21, 2026

Last Modified

April 27, 2026

CWE ID

CWE-284

Source

NVD

Vendor

frappe

Product

hrms

External References

https://github.com/frappe/hrms/releases/tag/v15.58.1
https://github.com/frappe/hrms/releases/tag/v16.4.1
https://github.com/frappe/hrms/security/advisories/GHSA-4375-7rxj-9hfx

CVE-2026-40888

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment