Vulnerabilities

Report: Update: CVE-2026-40888 - Frappe HR vulnerable to Improper Access Control

2026-04-21 0 views admin

CVE ID :CVE-2026-40888 Published : April 21, 2026, 8:17 p.m. | 28 minutes ago Description :Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are available. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-40888

Severity

MEDIUM

Published

April 21, 2026

🏷️ Tags

reportupdate40888frappevulnerableimproperaccesscontrolcverce

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: Update: CVE-2026-40888 - Frappe HR vulnerable to Improper Access Control

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-40883 - goshs: CSRF in state-changing GET routes enables authenticated file deletion and

Report: CVE-2026-40881 - Zebra: addr/addrv2 Deserialization Resource Exhaustion

Report: Update: CVE-2026-40880 - Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

Report: CVE-2026-40879 - Nest: DoS via Recursive handleData in JsonSocket (TCP Transport) - Expert Insights

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting