
Kimai CVE-2026-44298

EUVD-2026-28517 | Severity: MEDIUM (CVSS 3.1 base score 4.1)
Path Traversal (CWE-22)
Published 2026-05-08 | CNA: GitHub_M | Advisory: GHSA-h5fh-7hwr-97mw

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline (4 events)

Patch available: May 08, 2026 05:31 (EUVD)
Source Code Evidence Fetched: May 08, 2026 04:35 (vuln.today)
Analysis Generated: May 08, 2026 04:35 (vuln.today)
CVE Published: May 08, 2026 03:32 (NVD)

Description (NVD)

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles(), whose writer calls file_get_contents($entry['path']) during PDF output and embeds the bytes as a FlateDecode stream in the PDF. Any file readable by the PHP worker is returned to the attacker inside the rendered invoice. This issue has been patched in version 2.56.0.

Analysis (AI)

Kimai versions 2.32.0 through 2.55.x allow a user who holds the System-Admin role together with the upload_invoice_template permission to read arbitrary files from the application server through a crafted PDF invoice template. The Twig render is sandboxed, but the sandbox still exposes pdfContext.setOption(), and an 'associated_files' option is handed unchanged to mPDF's SetAssociatedFiles(); during PDF output mPDF reads each entry's path with file_get_contents() and embeds the bytes in the generated invoice. The sandbox therefore is not the security boundary here: any file readable by the PHP worker process can be exfiltrated inside a rendered PDF. …
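As an added forensic example (not Kimai's or mPDF's code, and not taken from the advisory), the Python below performs the two checks a responder would want for the mechanism described in the NVD description and the analysis above: it flags uploaded Twig invoice templates that call pdfContext.setOption('associated_files', ...), and it pulls embedded file streams back out of a rendered invoice PDF so you can see what left the server. The function names, the constructed sample PDF and the assumed object layout (a /Filespec entry naming the file plus a /Type /EmbeddedFile FlateDecode stream holding its bytes) are assumptions of this example; the page only states that the file bytes land in the PDF as a FlateDecode stream.

```python
import re
import zlib

# Added example for CVE-2026-44298 (not Kimai or mPDF code). Two checks:
#   1. flag uploaded Twig invoice templates that call
#      pdfContext.setOption('associated_files', ...), the call the advisory names;
#   2. pull embedded file streams out of a rendered invoice PDF so a responder
#      can see what was exfiltrated.
# Assumption: an associated file appears as a /Filespec dictionary naming it
# plus a /Type /EmbeddedFile stream holding its bytes (standard PDF structure;
# the advisory only says the bytes are written as a FlateDecode stream). The
# exact object order mPDF emits is not taken from the page, so this is a
# heuristic byte-level scan, not a full PDF parser.

TEMPLATE_PATTERN = re.compile(
    r"pdfContext\s*\.\s*setOption\s*\(\s*['\"]associated_files['\"]")


def template_sets_associated_files(template_src: str) -> bool:
    """True if a Twig invoice template tries to attach files via mPDF."""
    return TEMPLATE_PATTERN.search(template_src) is not None


_FILESPEC = re.compile(rb"/Type\s*/Filespec(?P<body>.*?)(?=/EF\b|>>)", re.DOTALL)
_FILESPEC_NAME = re.compile(rb"/F\s*\((?P<name>[^)]*)\)")
_EMBEDDED = re.compile(rb"/Type\s*/EmbeddedFile(?P<dict>.*?)>>\s*stream\r?\n", re.DOTALL)
# Direct /Length only; "/Length 7 0 R" is an indirect reference and is skipped.
_LENGTH = re.compile(rb"/Length\s+(?P<n>\d+)(?!\d|\s+\d+\s+R)")


def extract_embedded_files(pdf: bytes):
    """Return ([filespec names], [stream bytes]) for every embedded file in pdf.

    FlateDecode streams are inflated because that is what mPDF writes for
    associated files; anything else is returned raw.
    """
    names = []
    for spec in _FILESPEC.finditer(pdf):
        m = _FILESPEC_NAME.search(spec.group("body"))
        if m:
            names.append(m.group("name").decode("latin-1"))

    blobs = []
    for emb in _EMBEDDED.finditer(pdf):
        start = emb.end()
        length = _LENGTH.search(emb.group("dict"))
        if length:
            body = pdf[start:start + int(length.group("n"))]
        else:
            # Indirect or missing /Length: fall back to the endstream keyword
            # and drop the single EOL the spec puts before it.
            body = pdf[start:pdf.find(b"endstream", start)]
            if body.endswith(b"\r\n"):
                body = body[:-2]
            elif body.endswith(b"\n"):
                body = body[:-1]
        if re.search(rb"/Filter\s*/FlateDecode", emb.group("dict")):
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # corrupt stream: keep the raw bytes for manual review
        blobs.append(body)
    return names, blobs


def build_sample_pdf(name: str, payload: bytes) -> bytes:
    """Constructed sample input: the Filespec/EmbeddedFile pair a rendered
    invoice would carry after SetAssociatedFiles(). Not a complete PDF (no
    xref table or trailer); enough to exercise the scanner offline."""
    data = zlib.compress(payload)
    n = name.encode("latin-1")
    return (
        b"%PDF-1.7\n"
        b"4 0 obj\n<< /Type /Filespec /F (" + n + b") /UF (" + n + b")"
        b" /EF << /F 5 0 R >> /AFRelationship /Source >>\nendobj\n"
        b"5 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode"
        b" /Params << /Size " + str(len(payload)).encode() + b" >>"
        b" /Length " + str(len(data)).encode() + b" >>\nstream\n"
        + data + b"\nendstream\nendobj\n%%EOF\n"
    )


if __name__ == "__main__":
    sample = build_sample_pdf("secret.txt", b"APP_SECRET=constructed-value")
    names, blobs = extract_embedded_files(sample)
    for name, blob in zip(names, blobs):
        print(f"embedded file {name!r}: {blob!r}")
    template = "{% do pdfContext.setOption('associated_files', files) %}"
    print("template attaches files:", template_sets_associated_files(template))
```

Run template_sets_associated_files over every stored invoice template (including ones uploaded before the upgrade to 2.56.0, since the upgrade does not remove them) and extract_embedded_files over invoices rendered in the affected window; a non-empty result is the evidence to pull into the incident record. The scan is byte-level and will miss objects hidden inside compressed object streams, so treat a clean result as a first pass rather than proof.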


CVE-2026-44298 vulnerability details – vuln.today
