THREAT OPS › Threat News › [GHSA] GHSA-v8hx-4vx8-wc96 (high) — Kimai: Pre-2FA KIMAI_SESSION cookie grants full authenticated REST API access, bypassing TOTP
[GHSA] GHSA-v8hx-4vx8-wc96 (high) — Kimai: Pre-2FA KIMAI_SESSION cookie grants full authenticated REST API access, bypassing TOTP
GHSA-v8hx-4vx8-wc96 Severity: high CVE: CVE-2026-52827
Kimai: Pre-2FA KIMAI_SESSION cookie grants full authenticated REST API access, bypassing TOTP
### Summary Two-factor authentication (TOTP) can be fully bypassed for the REST API. The `KIMAI_SESSION` cookie returned in the response to the login request; issued after only the password is verified, before the TOTP step; is already accepted as a
MITRE ATT&CK techniques
- Credential StuffingT1110.004
Indicators of compromise
- CVE-2026-52827cve
- https://www.kimai.org/en/security/ghsa-v8hx-4vx8-wc96url
Original source: https://github.com/advisories/GHSA-v8hx-4vx8-wc96