THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-rw46-qg69-vg6h (medium) — Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access

[GHSA] GHSA-rw46-qg69-vg6h (medium) — Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access

highgithub_advisoriesPublished 2026-07-14

GHSA-rw46-qg69-vg6h Severity: medium CVE: CVE-2026-52828

Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access

### Summary

The `ExportController` web routes for creating and editing export templates are gated only by the class-level `create_export` permission, which is granted to `ROLE_TEAMLEAD` by default. The corresponding API routes and UI button visibili

Indicators of compromise

Original source: https://github.com/advisories/GHSA-rw46-qg69-vg6h