CVE-2026-40889 | frappe hrms up to 15.58.1/16.4.1 API Endpoint access control (GHSA-6cg5-4q6m-vrgm)

A vulnerability classified as critical has been found in frappe hrms up to 15.58.1/16.4.1. Affected by this vulnerability is an unknown functionality of the component API Endpoint. This manipulation causes improper access controls.

This vulnerability is tracked as CVE-2026-40889. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More