Orangehrm · Orangehrm · CVE-2026-39346
Name of the Vulnerable Software and Affected Versions
OrangeHRM versions 5.0 through 5.8
Description
OrangeHRM Open Source versions 5.0 through 5.8 allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator.
Recommendations
Update to version 5.8.1 or later.