CVE-2026-39345

OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader

CVSS 4.6 MEDIUM · EPSS 0.3% · CWE-22
Vexday Risk Score: 13 (Low)
SSVC decision (CISA): Track
No exploitation signal → monitor
CVSS 4.6 · EPSS 0.3% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
07 Apr 2026: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This vulnerability is fixed in 5.8.1.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
Affected products
orangehrm · orangehrm
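The defect described above is a template loader that does not confine the resolved file to its intended directory. The following is an added example, not OrangeHRM's code: it shows the containment check a loader needs, using a constructed temporary directory tree and assumed names (`plugins_dir`, `resolve_template`).

```python
import os
import tempfile

# Constructed example (not from OrangeHRM): resolve an email template name
# strictly inside a base directory, rejecting anything that escapes it.

class TemplatePathError(ValueError):
    """Raised when a requested template resolves outside the allowed directory."""

def resolve_template(plugins_dir: str, requested: str) -> str:
    """Return the canonical path of `requested` only if it stays under plugins_dir.

    The check runs on realpath() output, so '../' segments, absolute paths and
    symlinks that point outside the directory are all refused.
    """
    base = os.path.realpath(plugins_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole path components, so a sibling directory such
    # as '<base>-other' does not pass as being inside base.
    if os.path.commonpath([base, candidate]) != base:
        raise TemplatePathError(f"template outside plugins dir: {requested!r}")
    return candidate

def load_template(plugins_dir: str, requested: str) -> str:
    with open(resolve_template(plugins_dir, requested), encoding="utf-8") as fh:
        return fh.read()

def demo() -> dict:
    """Build a throwaway tree and record which template requests are accepted."""
    root = tempfile.mkdtemp()                      # constructed sandbox tree
    plugins = os.path.join(root, "plugins")
    os.makedirs(os.path.join(plugins, "mail"))
    with open(os.path.join(plugins, "mail", "welcome.txt"), "w") as fh:
        fh.write("Welcome {name}")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("not a template")
    # A symlink inside the plugins dir that points outside of it.
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(plugins, "link.txt"))
    cases = {
        "legit": "mail/welcome.txt",
        "traversal": "../secret.txt",
        "absolute": os.path.join(root, "secret.txt"),
        "symlink": "link.txt",
    }
    results = {}
    for label, name in cases.items():
        try:
            results[label] = load_template(plugins, name)
        except TemplatePathError:
            results[label] = "REJECTED"
    return results
```

Only the in-directory template is returned; every other request is refused before any file is opened.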
