CVE-2026-42267

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.27.0 to 2.54.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any ROLEUSER to create tags with formula strings as names using...