{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T18:21:41.673","vulnerabilities":[{"cve":{"id":"CVE-2026-24038","sourceIdentifier":"security-advisories@github.com","published":"2026-01-22T04:15:59.890","lastModified":"2026-01-29T18:54:50.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP is also None, causing the comparison user_otp == otp to pass. This allows an attacker to bypass two-factor authentication entirely without ever providing a valid OTP. If administrative accounts are targeted, it could lead to compromise of sensitive HR data, manipulation of employee records, and further system-wide abuse. This issue has been fixed in version 1.5.0."},{"lang":"es","value":"Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) gratuito y de código abierto. En la versión 1.4.0, la lógica de manejo de OTP tiene una verificación de igualdad defectuosa que puede ser evitada. Cuando un OTP expira, el servidor devuelve None, y si un atacante omite el campo otp de su solicitud POST, el OTP proporcionado por el usuario también es None, haciendo que la comparación user_otp == otp se apruebe. Esto permite a un atacante evitar completamente la autenticación de dos factores sin proporcionar nunca un OTP válido. Si se dirigen a cuentas de administración, podría llevar al compromiso de datos sensibles de RRHH, manipulación de registros de empleados y a un abuso adicional en todo el sistema. Este problema ha sido solucionado en la versión 1.5.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:horilla:horilla:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"55143854-C369-4CAA-B671-90EFC9170F64"}]}]}],"references":[{"url":"https://github.com/horilla-opensource/horilla/releases/tag/1.5.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/horilla-opensource/horilla/security/advisories/GHSA-hqpv-ff5v-3hwf","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}