CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Frappe: >> Frappe Hr >> 16.4.1 Security Vulnerabilities

CVE-2026-40889

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available.

CVSS Score

6.5

EPSS Score

0.0

Published

2026-04-21

Page 1

Vulnerabilities

Vulnerable Software

Frappe: >> Frappe Hr >> 16.4.1 Security Vulnerabilities

Products

Pricing

Contact Us