Frappe · Frappe Hr · CVE-2026-40889
**Name of the Vulnerable Software and Affected Versions**
Frappe HR versions prior to 15.58.2
Frappe HR versions prior to 16.4.2
**Description**
Authenticated users can access unauthorized files by exploiting a certain api endpoint.
**Recommendations**
Update to version 15.58.2
Update to version 16.4.2