
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
CVE-2026-52828 is a missing authorization vulnerability in Kimai, an open-source time-tracking application, titled "ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access." It affects all versions of kimai/kimai up to and including 2.57.0, and was first published on June 11, 2026, with the GitHub Advisory Database entry updated on July 14, 2026. The flaw allows users with ROLE_TEAMLEAD to create and modify global export templates that should be restricted to administrators. It carries a CVSS v4 base score of 5.3 (Medium) (GitHub Advisory, Kimai Advisory).
The root cause is CWE-862 (Missing Authorization): the ExportController class applies only the class-level annotation #[IsGranted('create_export')], which is granted to ROLE_TEAMLEAD by default. The createExportTemplate (line 210) and editExportTemplate (line 220) methods are missing the required method-level #[IsGranted('create_export_template')] annotation, which is reserved for ROLE_ADMIN and ROLE_SUPER_ADMIN per config/packages/kimai.yaml. The API controller and UI template (templates/export/index.html.twig:124) correctly enforce the stricter permission, but the web controller routes do not. An authenticated ROLE_TEAMLEAD user can directly navigate to the template create/edit web routes to bypass the intended access control (GitHub Advisory, Kimai Advisory).
Successful exploitation allows any ROLE_TEAMLEAD user to create or modify global ExportTemplate entities, which have no per-user or per-team scoping and are visible to all users in the instance, including administrators. The templates control the structure and content of exported data (columns, renderer, format), meaning a malicious TEAMLEAD could manipulate the data output format used organization-wide. There is no risk of remote code execution or credential exposure; the impact is limited to integrity manipulation of export configuration data, violating the intended privilege boundary (GitHub Advisory, Kimai Advisory).
ROLE_TEAMLEAD privileges.createExportTemplate and editExportTemplate in the ExportController (e.g., /export/template/create or similar, depending on the Kimai routing configuration).ROLE_TEAMLEAD accounts making POST or GET requests to export template create/edit routes (e.g., /export/template/create, /export/template/{id}/edit) outside of normal administrative activity.ExportTemplate records in the Kimai database created or last modified by a user with ROLE_TEAMLEAD rather than ROLE_ADMIN or ROLE_SUPER_ADMIN.Upgrade to Kimai version 2.58.0, which adds the #[IsGranted('create_export_template')] annotation to the createExportTemplate() and editExportTemplate() methods in ExportController, closing the authorization gap. No configuration-based workaround is documented; upgrading is the recommended and only confirmed remediation. Administrators should also review existing export templates for unauthorized modifications made by TEAMLEAD users prior to patching (GitHub Advisory, Kimai Advisory).
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"