THREAT OPS › Threat News › [GHSA] GHSA-rw46-qg69-vg6h (medium) — Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access
[GHSA] GHSA-rw46-qg69-vg6h (medium) — Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access
GHSA-rw46-qg69-vg6h Severity: medium CVE: CVE-2026-52828
Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access
### Summary
The `ExportController` web routes for creating and editing export templates are gated only by the class-level `create_export` permission, which is granted to `ROLE_TEAMLEAD` by default. The corresponding API routes and UI button visibili
Indicators of compromise
- CVE-2026-52828cve
- https://www.kimai.org/en/security/ghsa-rw46-qg69-vg6hurl
Original source: https://github.com/advisories/GHSA-rw46-qg69-vg6h