CVE-2026-21694HIGH 8.1EPSS p15.3%

CVE-2026-21694CVE-2026-21694

Description

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS0.24% probability of exploitation · percentile 15.3% · 2026-06-19T12:03:05Z
Published2026-01-08
Last modified2026-01-12

Underlying weaknesses· 1

CWE-284

References

  1. https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938
  2. https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c
  3. https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c

1

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-2840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-69288
CVE
CVE-2026-39432
CVE
CVE-2025-60291
CVE
CVE-2026-20750
CVE
CVE-2025-9018
CVE
CVE-2026-25699
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.