OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability is fixed in 5.8.1.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Tue, 07 Apr 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability is fixed in 5.8.1. | |
| Title | OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion | |
| Weaknesses | CWE-285 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-04-07T18:20:35.788Z
Reserved: 2026-04-06T20:28:38.394Z
Link: CVE-2026-39347
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-04-07T19:16:45.780
Modified: 2026-04-07T19:16:45.780
Link: CVE-2026-39347
Redhat
No data.
OpenCVE Enrichment
No data.