Improper Authorization in Frappe HR's Human Resources Management Solution
CVE-2026-45081

6.5 MEDIUM

Key Information:

Vendor: Frappe

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-45081?

Frappe HR, an open-source human resources management solution, contains a vulnerability that allows authenticated employees to access the leave details of other employees. This issue arises from insufficient authorization checks in versions prior to 16.5.0. Users are advised to upgrade to version 16.5.0 or later to mitigate this risk and secure sensitive employee information.

Affected Version(s)

hrms < 16.5.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
