CVE-2026-21694

Published: Jan 8, 2026Modified: Jan 12, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Affected (1)

Products: Kromit: Titra

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kromit Titra	Before 0.99.50

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938

Source: security-advisories@github.com

Patch

https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.