Data Exposure Vulnerability in Titra Time Tracking Project by Titra
CVE-2026-42092

6.5 MEDIUM

Key Information:

Vendor: Titraio

Status
Vendor
CVE Published: 4 May 2026

What is CVE-2026-42092?

The Titra time tracking application is affected by a data exposure vulnerability in version 0.99.52. The application's globalsettings Meteor publication returns sensitive global settings to any authenticated user, without an admin or role check. Any such user can subscribe to the publication over DDP and read critical configuration values, including google_secret, openai_apikey, and google_clientid. As of the publication date, no public patch is available, so the exposure remains open on affected installations. For further details, see the advisory on GitHub.

Affected Version(s)

titra = 0.99.52

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved