CVE-2026-21694 — MEDIUM (6.8)

Q: How severe is CVE-2026-21694?

CVE-2026-21694 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-21694?

Check the references section above for vendor advisories and patch information. Affected products include: Kromit Titra.

Vulnerability Description

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Kromit	Titra	< 0.99.50

Related Weaknesses (CWE)

CWE-284

References

https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8Patch
https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3cExploitVendor Advisory
https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3cExploitVendor Advisory

FAQ

What is CVE-2026-21694?

CVE-2026-21694 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have no...

How severe is CVE-2026-21694?

CVE-2026-21694 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-21694?

Check the references section above for vendor advisories and patch information. Affected products include: Kromit Titra.