Unrated severityNVD Advisory· Published Feb 19, 2026· Updated Feb 20, 2026
Broken Access Control results in Denial of Service in NesterSoft WorkTime
CVE-2025-15563
Description
Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <= 11.8.8
Patches
Vulnerability mechanics
References
1- r.sec-consult.com/worktimemitrethird-party-advisory
News mentions
0No linked articles in our index yet.