THREAT OPS › Threat News › [GHSA] GHSA-2xgg-2x8h-8xw4 (medium) — Kimai: Improper Authorization in Project, Customer, and Activity Rate Edit Endpoints Allows Cross-Scope Rate Manipulation
[GHSA] GHSA-2xgg-2x8h-8xw4 (medium) — Kimai: Improper Authorization in Project, Customer, and Activity Rate Edit Endpoints Allows Cross-Scope Rate Manipulation
GHSA-2xgg-2x8h-8xw4 Severity: medium CVE: CVE-2026-52826
Kimai: Improper Authorization in Project, Customer, and Activity Rate Edit Endpoints Allows Cross-Scope Rate Manipulation
### Summary
Kimai 2.56.0 contains an authenticated improper authorization vulnerability in the Web rate editing flows for projects, customers, and activities. A user who can edit one authorized parent object can combin
Indicators of compromise
- CVE-2026-52826cve
- https://www.kimai.org/en/security/ghsa-2xgg-2x8h-8xw4url
Original source: https://github.com/advisories/GHSA-2xgg-2x8h-8xw4