PT-2026-34059 · Frappe · Frappe HR
The-Bokya · Published 2026-04-21 · Updated 2026-04-21 · CVE-2026-40889
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Frappe HR versions prior to 15.58.2
Frappe HR versions prior to 16.4.2
Description
Authenticated users can access unauthorized files by exploiting a certain API endpoint.
Recommendations
Update to version 15.58.2
Update to version 16.4.2
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Frappe HR