CVE-2026-21694

low-risk
Published 2026-01-08

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Titra

Affected Vendors

Kromit

References (3)

Patch https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8...
Exploit https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c
Exploit https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal