CVE-2026-45081

6.5 MEDIUM

Frappe HR is an open-source human resources management solution (HRMS)

Published: 2026-05-27 · Last updated: 2026-06-01

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-863

Description

Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-47777 — Mastodon is a free, open-source social network server based on ActivityPub (7.5 HIGH)
CVE-2016-20075 — WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor... (8.8 HIGH)
CVE-2026-34023 — The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket...
CVE-2026-2470 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions... (4.3 MEDIUM)
CVE-2026-54398 — An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP o...