CVE-2026-45081

MEDIUM NVD

CVSS Score 6.5

Severity MEDIUM

Published May 27, 2026

Vendor unknown

Description

Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0.

References

https://github.com/frappe/hrms/security/advisories/GHSA-9jpf-5vrm-hpcj