CVE-2026-13537
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
A cross-site request forgery (CSRF) vulnerability was found in CodeAstro Human Resource Management System 1.0. An unknown function allows remote attackers to perform unauthorized actions on behalf of an authenticated user. The exploit has been made public and could be used.
Risk Assessment
A CSRF attack could allow unauthorized operations in the HR system, such as modifying employee data or changing configuration, threatening data integrity and confidentiality.
Recommendation
Immediately update the system to the latest version or apply a vendor patch. In the meantime, implement CSRF protection mechanisms such as anti-CSRF tokens and Origin header checking.
Original NVD description (English source)
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used.

