CVE-2026-40867

HIGH

Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation

Title source: cna

Description

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and internal documents across unrelated users or teams.
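To illustrate the access-control defect the description refers to (a lookup keyed only on a user-controlled attachment ID, CWE-639), the following is an added example and is not Horilla's code: it uses hypothetical, simplified User/Ticket/Attachment records and constructed sample data, and shows the unscoped lookup beside a lookup that checks the requesting user's relationship to the ticket before returning the attachment.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical, simplified stand-ins for a helpdesk app's models (not Horilla's).
@dataclass(frozen=True)
class User:
    id: int
    is_helpdesk_manager: bool = False

@dataclass(frozen=True)
class Ticket:
    id: int
    requester_id: int
    assignee_id: Optional[int]

@dataclass(frozen=True)
class Attachment:
    id: int
    ticket_id: int
    filename: str

# Constructed sample data standing in for the database.
TICKETS = {1: Ticket(1, requester_id=10, assignee_id=20),
           2: Ticket(2, requester_id=11, assignee_id=None)}
ATTACHMENTS = {100: Attachment(100, ticket_id=1, filename="payslip_dispute.pdf"),
               101: Attachment(101, ticket_id=2, filename="grievance_notes.docx")}

def view_attachment_vulnerable(user: User, attachment_id: int) -> Optional[Attachment]:
    """Broken pattern: fetch by ID only. Being logged in is the only check,
    so any authenticated user can read any ticket's attachment."""
    return ATTACHMENTS.get(attachment_id)

def can_access_ticket(user: User, ticket: Ticket) -> bool:
    """Authorization rule: the requester, the assigned agent, or a manager."""
    return (user.id == ticket.requester_id
            or user.id == ticket.assignee_id
            or user.is_helpdesk_manager)

def view_attachment_fixed(user: User, attachment_id: int) -> Optional[Attachment]:
    """Hardened pattern: resolve the attachment's ticket and enforce the rule.
    Unauthorized and nonexistent IDs both return None, so the caller can map
    both to the same 404 and not reveal which IDs exist."""
    att = ATTACHMENTS.get(attachment_id)
    if att is None:
        return None
    ticket = TICKETS.get(att.ticket_id)
    if ticket is None or not can_access_ticket(user, ticket):
        return None
    return att
```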

Scores

CVSS v4 7.1
EPSS 0.0004
EPSS Percentile 13.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-284, CWE-639
Status published
Products (1)
horilla-opensource/horilla 1.5.0
Published Apr 21, 2026
Tracked Since Apr 22, 2026