CVE-2026-21694

EUVD-2026-1660
Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
GitHub_MCNA
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
kromittitra
𝑥
< 0.99.50
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938
https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c
https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c