CVE-2026-24035

CVSS v3.1

4.3

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.5.0

Description Horilla HR Software contains an Improper Access Control issue. An authenticated employee can upload documents on behalf of another employee without authorization. This is due to insufficient server-side validation of the

employee id

parameter during file upload operations.

Recommendations Update to version 1.5.0 or later.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2026-24035

GHSA-FM3F-XPGX-8XR3

Affected Products

Horilla

CVE-2026-24035

Weakness Enumeration

Related Identifiers

Affected Products

References · 10