File Upload Vulnerability in Horilla Human Resource Management System
CVE-2026-24010

8.8HIGH

Key Information:

Vendor: Horilla-opensource
Status: Horilla
Vendor: CVE Published:; 22 January 2026

🔔 Create Horilla-opensource Vulnerability Alert

What is CVE-2026-24010?

Horilla Human Resource Management System is susceptible to a file upload vulnerability that allows authenticated users to exploit the system for phishing attacks. By masquerading a malicious HTML file as a profile picture, attackers can direct users to a counterfeit login page designed to harvest their credentials. When victims attempt to log in, they are presented with a convincing 'Session Expired' message, leading them to believe they need to re-authenticate. This vulnerability poses significant risks as it enables account takeover and compromises user security. Users are advised to update to version 1.5.0, which mitigates this threat effectively.

Affected Version(s)

horilla < 1.5.0

References

https://github.com/horilla-opensource/horilla/security/ad...

x_refsource_CONFIRM

https://github.com/horilla-opensource/horilla/releases/ta...

x_refsource_MISC

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Jan 19, 2026

CVE-2026-24010 Data

JSON