Description

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without proper authorization. This occurs due to insufficient server-side validation of the employee_id parameter during file upload operations, allowing any authenticated employee to upload document in behalf of any employee. Version 1.5.0 fixes the issue.

INFO

Published Date :

2026-01-22T02:43:10.884Z

Last Modified :

2026-01-22T12:41:56.958Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24035 vulnerability.

Vendors Products
Horilla
  • Horilla
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24035.

URL Resource
https://drive.google.com/file/d/1i00-NnipvxH8bGY-SyqEjnDQfxIbVGRR/view?usp=sharing cve-icon cve-icon
https://github.com/horilla-opensource/horilla/releases/tag/1.5.0 cve-icon cve-icon
https://github.com/horilla-opensource/horilla/security/advisories/GHSA-fm3f-xpgx-8xr3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact