Frappe · Frappe Hr · CVE-2026-40888
**Name of the Vulnerable Software and Affected Versions**
Frappe HR versions prior to 15.58.1
Frappe HR versions prior to 16.4.1
**Description**
An authenticated user with a default role can access unauthorized information by exploiting a certain api endpoint in this open-source human resources management solution.
**Recommendations**
Update to version 15.58.1
Update to version 16.4.1