THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-r8vr-m544-qh4h (medium) — Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes

[GHSA] GHSA-r8vr-m544-qh4h (medium) — Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes

highgithub_advisoriesPublished 2026-07-14

GHSA-r8vr-m544-qh4h Severity: medium CVE: CVE-2026-52823

Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changes

### Summary

Kimai 2.56.0 contains authenticated cross-site request forgery issues in its timesheet state-changing API endpoints. The application reuses the browser's existing session for `/api/*` requests, and both the `stop` and `restart`

Indicators of compromise

Original source: https://github.com/advisories/GHSA-r8vr-m544-qh4h