
Description

Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0.

PUBLISHED Reserved 2026-05-08 | Published 2026-05-27 | Updated 2026-05-27 | Assigner GitHub_M




MEDIUM: 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-863: Incorrect Authorization

Product status

< 16.5.0
affected

References

github.com/...e/hrms/security/advisories/GHSA-9jpf-5vrm-hpcj

cve.org (CVE-2026-45081)

nvd.nist.gov (CVE-2026-45081)
