
CVE-2026-39349

Published 07/04/2026 19:16 · Modified 08/04/2026 21:27

Labels: CVE-2026-39349, 2026-04-07, CWE-326, [email protected]

Essential information

Published: 07/04/2026 19:16
Modified: 08/04/2026 21:27
Author:
Creator:
CVSS: 2.1 LOW (v3), 2.1 LOW (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability is fixed in 5.8.1.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: orangehrm / orangehrm
CPE: cpe:2.3:a:orangehrm:orangehrm:5.0-5.8:*:*:*:*:*:*:*

References