VYPR
Medium severity5.8NVD Advisory· Published May 8, 2026· Updated May 8, 2026

CVE-2026-42279

CVE-2026-42279

Description

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entry UUID to be modified and rebound to objects in the caller's organization. This issue has been patched in version 0.12.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Solidtime Io/Solidtimereferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:solidtime:solidtime:0.12.0:*:*:*:*:*:*:*
    • (no CPE)range: = 0.12.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.