CVE-2026-39349 โ OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0โฆ
๐จ CVE-2026-39349 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. Thi
Use of AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure
github.com
What This Means For You
- New vulnerability disclosed โ verify if your stack is exposed.
- New tool or resource available โ evaluate for your security workflow.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-39349 | Vulnerability | CVE-2026-39349 |
๐
Get the full picture on this threat
Use /org to search affected organizations, generate IOC briefs with /brief, and set watchlist alerts โ inside Telegram.
Try Intel Bot โ
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158840 |
| Published | April 10, 2026 at 22:57 UTC |
| Original Link | https://github.com/orangehrm/orangehrm/security/advisorie... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.