Which versions of Horilla HRMS are affected by CVE-2026-40867?

Horilla HRMS 1.5.0 contains a broken access control vulnerability in the helpdesk module that allows any authenticated employee to access support ticket attachments belonging to other employees by…

How to fix or mitigate CVE-2026-40867?

Within 24 hours: Inventory all Horilla HRMS 1.5.0 deployments and document current user access patterns to the helpdesk module. Within 7 days: Implement URL parameter validation and access logging for all attachment downloads; restrict helpdesk module access to authorized HR and support personnel only; review recent attachment access logs for unauthorized downloads. Within 30 days: Contact Horilla for patch timeline; evaluate alternative HRMS solutions if patch is not forthcoming; conduct audit of all sensitive documents stored in helpdesk attachments and assess exposure scope.

Horilla HRMS CVE-2026-40867

Q: What is the CVSS score of CVE-2026-40867?

CVE-2026-40867 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-24235 HIGH

Improper Access Control (CWE-284)

2026-04-21 GitHub_M

Authentication Bypass Horilla

7.1

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.1 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 21:22 vuln.today

cvss_changed

Analysis Generated

Apr 21, 2026 - 19:47 vuln.today

CVSS changed

Apr 21, 2026 - 19:22 NVD

7.1 (HIGH)

EUVD ID Assigned

Apr 21, 2026 - 19:00 euvd

EUVD-2026-24235

Analysis Generated

Apr 21, 2026 - 19:00 vuln.today

CVE Published

Apr 21, 2026 - 18:16 nvd

HIGH 7.1

DescriptionGitHub Advisory

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and internal documents across unrelated users or teams.

AnalysisAI

Broken access control in Horilla HRMS 1.5.0 helpdesk module allows any authenticated employee to view support ticket attachments belonging to other users by manipulating attachment IDs in URLs. This exposes confidential HR documents, employee grievances, and internal communications across organizational boundaries. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Horilla HRMS

Delivery

Access own helpdesk ticket

Exploit

Observe attachment URL structure

Execution

Enumerate attachment IDs

Persist

Download unauthorized attachments

Impact

Exfiltrate sensitive HR documents