CVE-2026-21694

Exploit

EPSS 0.24%
Veröffentlicht 07.01.2026 23:10:48
Zuletzt bearbeitet 12.01.2026 18:44:36
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Titra APIs have Improper Access Control

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kromit ≫ Titra Version < 0.99.50

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.153

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c

Vendor Advisory

Exploit

https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-21694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21694

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-21694