No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sun, 12 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | Leantime JSON-RPC Endpoint addUser improper authorization | |
| First Time appeared |
Leantime
Leantime leantime |
|
| Weaknesses | CWE-266 CWE-285 |
|
| CPEs | cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Leantime
Leantime leantime |
|
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-12T22:30:09.041Z
Reserved: 2026-07-12T05:58:31.153Z
Link: CVE-2026-15509
No data.
No data.
No data.
OpenCVE Enrichment
No data.