CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39347

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability is fixed in 5.8.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.6%

CVSS Severity

CVSS v3 Score 2.7

References

https://github.com/orangehrm/orangehrm/security/advisories/GHSA-7j84-w7h5-24pc

Products affected by CVE-2026-39347

Orangehrm » Orangehrm » Version: 5.0

cpe:2.3:a:orangehrm:orangehrm:5.0
Orangehrm » Orangehrm » Version: 5.1

cpe:2.3:a:orangehrm:orangehrm:5.1
Orangehrm » Orangehrm » Version: 5.2

cpe:2.3:a:orangehrm:orangehrm:5.2
Orangehrm » Orangehrm » Version: 5.3

cpe:2.3:a:orangehrm:orangehrm:5.3
Orangehrm » Orangehrm » Version: 5.4

cpe:2.3:a:orangehrm:orangehrm:5.4
Orangehrm » Orangehrm » Version: 5.5

cpe:2.3:a:orangehrm:orangehrm:5.5
Orangehrm » Orangehrm » Version: 5.6

cpe:2.3:a:orangehrm:orangehrm:5.6
Orangehrm » Orangehrm » Version: 5.6.1

cpe:2.3:a:orangehrm:orangehrm:5.6.1
Orangehrm » Orangehrm » Version: 5.7

cpe:2.3:a:orangehrm:orangehrm:5.7
Orangehrm » Orangehrm » Version: 5.8

cpe:2.3:a:orangehrm:orangehrm:5.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39347

Products

Pricing

Contact Us