CVE-2026-40888 | Frappe hrms up to 15.58.0/16.4.0 API Endpoint access control (GHSA-4375-7rxj-9hfx)

A vulnerability was found in Frappe hrms up to 15.58.0/16.4.0. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to improper access controls.

This vulnerability is traded as CVE-2026-40888. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More