PT-2026-3912 · Horilla · Horilla

Whoisshuvam · Published 2026-01-22 · Updated 2026-01-22 · CVE-2026-24036

CVSS v3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Horilla versions 1.4.0 through 1.4.9

Description

Horilla, a Human Resource Management System (HRMS), exposes unpublished job postings through the /recruitment/recruitment-details// endpoint, which does not require authentication. The response includes draft job titles, descriptions, and the application link, so unauthenticated users can view unpublished roles and access the application workflow. This unauthorized access can lead to leakage of sensitive internal hiring information and to candidate confusion.

Recommendations

Update to version 1.5.0 or later.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-24036
GHSA-Q4XR-W96P-3VG7

Affected Products

Horilla