Main Vulnerability Database Exploits ID:12657 - Exploit for Incorrect authorization in kimai2

ID:12657 - Exploit for Incorrect authorization in kimai2

Published: April 28, 2026

Vulnerability identifier: #VU128254

Vulnerability risk: Medium

CVE-ID: N/A

CWE-ID: CWE-863

Exploitation vector: Remote access

Vulnerable software:
kimai2

Link to public exploit:

https://github.com/kimai/kimai/security/advisories/GHSA-9g2q-w3w2-vf7q/#poc

Vulnerability description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to missing voter check. A remote user can enumerate, read, modify and permanently delete timesheets belonging to any other user in the target system.

Remediation

Install updates from vendor's website.

ID:12657 - Exploit for Incorrect authorization in kimai2

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human