CVE-2026-21694 MEDIUM

CVE-2026-21694: Titra APIs have Improper Access Control

Vendor: Kromitgmbh
Product: titra
Weakness: CWE-284
Published: January 7, 2026
Last update: January 8, 2026

CVSS base score

6.8/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Key dates

02 Disclosure timeline

January 7, 2026: CVE published
January 8, 2026: Record updated