THREAT OPS › Threat News › [GHSA] GHSA-r8vr-m544-qh4h (medium) — Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes
[GHSA] GHSA-r8vr-m544-qh4h (medium) — Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes
GHSA-r8vr-m544-qh4h Severity: medium CVE: CVE-2026-52823
Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes
### Summary
Kimai 2.56.0 contains authenticated cross-site request forgery issues in its timesheet state-changing API endpoints. The application reuses the browser's existing session for `/api/*` requests, and both the `stop` and `restart`
Indicators of compromise
- CVE-2026-52823cve
- https://www.kimai.org/en/security/ghsa-r8vr-m544-qh4hurl
Original source: https://github.com/advisories/GHSA-r8vr-m544-qh4h