A vulnerability was found in OrangeHRM up to 5.8.0 . It has been classified as critical . Impacted is an unknown function of the component Email Template Handler . Performing a manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-39345 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.