{"data":{"id":"7ebdc50b-df34-4b8f-ac3c-a870bbaf990d","title":"CVE-2026-42092: titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all glo","summary":"Titra, an open source time tracking application, has a vulnerability in version 0.99.52 where the globalsettings Meteor publication (a feature that broadcasts data to connected users) exposes sensitive configuration information like API keys without checking if the user has admin permissions. Any authenticated user (someone logged into the system) can access these secrets through DDP (the protocol Meteor uses to send data to clients).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42092","publishedAt":"2026-05-04T18:16:31.363Z","cveId":"CVE-2026-42092","cweIds":["CWE-200"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["titra","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-04T18:16:31.363Z","capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}