Vendor
high
advisory
Kimai REST API Two-Factor Authentication Bypass Vulnerability
2 TTPsA critical vulnerability, CVE-2026-52827, in Kimai versions prior to 2.59.0 allows an attacker who has compromised a user's password to bypass Two-Factor Authentication (TOTP) for the REST API by intercepting and replaying the `KIMAI_SESSION` cookie obtained after password verification but before TOTP completion, granting full authenticated API access.
Kimai
api
2fa-bypass
vulnerability
web-application
2t
critical
advisory
Kimai Docker Image Default APP_SECRET Allows Account Takeover (CVE-2026-52824)
3 TTPsA critical vulnerability, CVE-2026-52824, in the official Kimai Docker image allows unauthenticated attackers to forge authentication tokens and achieve account takeover, including super_admin accounts, due to the image shipping with a default, publicly known APP_SECRET environment variable used by Symfony to HMAC-sign session cookies and login links.
Kimai +1
vulnerability
web-application
misconfiguration
account-takeover
docker
3t