8.1

CVE-2026-21694

Exploit

EPSS 0.04%
Veröffentlicht 07.01.2026 23:10:48
Zuletzt bearbeitet 12.01.2026 18:44:36
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kromit ≫ Titra Version < 0.99.50

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.113

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c

Vendor Advisory

Exploit

https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-21694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21694

EUVD