
Description

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

PUBLISHED Reserved 2026-01-02 | Published 2026-01-07 | Updated 2026-01-08 | Assigner GitHub_M




MEDIUM: 6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-284: Improper Access Control

Product status

< 0.99.50: affected

References

github.com/.../titra/security/advisories/GHSA-mr2r-wjf8-cj3c exploit

github.com/.../titra/security/advisories/GHSA-mr2r-wjf8-cj3c

github.com/...ommit/29e6b88eca005107729e45a6f1731cf0fa5f8938

cve.org (CVE-2026-21694)

nvd.nist.gov (CVE-2026-21694)
