Description

Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response includes draft job titles, descriptions and application link allowing unauthenticated users to view unpublished roles and access the application workflow for unpublished jobs. Unauthorized access to unpublished job posts can leak sensitive internal hiring information and cause confusion among candidates. This issue has been fixed in version 1.5.0.

INFO

Published Date :

2026-01-22T03:21:32.538Z

Last Modified :

2026-01-22T12:38:10.451Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24036 vulnerability.

Vendors Products
Horilla
  • Horilla
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24036.

URL Resource
https://github.com/horilla-opensource/horilla/commit/9a585a1588431499092a49d7e82cb77daa4d99ee cve-icon cve-icon
https://github.com/horilla-opensource/horilla/releases/tag/1.5.0 cve-icon cve-icon
https://github.com/horilla-opensource/horilla/security/advisories/GHSA-q4xr-w96p-3vg7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact