Titra APIs have Improper Access Control_CVE-2026-21694

6.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Basic Information

ID CVE-2026-21694

Source GitHub_M

Published Jan 7, 2026 at 23:10

Affected Product

Vendor kromitgmbh

Product titra

Version < 0.99.50

Affected Versions kromitgmbh titra < 0.99.50

CWE Classification

CWE-284

References

{
    "lastseen": "",
    "description": "Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.",
    "published": "2026-01-07T23:10:48.362Z",
    "modified": "2026-01-07T23:10:48.362Z",
    "type": "cve",
    "title": "Titra APIs have Improper Access Control",
    "source": "GitHub_M",
    "references": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c\nhttps://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938",
    "id": "CVE-2026-21694",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "kromitgmbh titra < 0.99.50",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "titra",
    "version": "< 0.99.50",
    "vendor": "kromitgmbh",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}