MEDIUM
solidtime-io
CVE published 2026-06-12
CVE-2026-47236
CVE-2026-47236 is a medium-severity vulnerability in Solidtime, an open-source time-tracking app. The issue allows unauthorized access to pending invitation and member data through Inertia props on the team page. This occurs because the Jetstream web team page authorizes access using only the `belongsToTeam()` method, then loads and serializes all pending invitation emails and members into Inertia props. [truncated]
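A regression check for this class of leak, added here as an example (not code from Solidtime or Jetstream): it reads the Inertia page object a low-privileged member receives and reports any e-mail addresses, other than the viewer's own, found in the invitation and member props. It assumes the first-load HTML carries the page object in the root element's `data-page` attribute. The prop paths, component name, URL and sample data are constructed assumptions.

```python
import html
import json
import re

# Assumed prop paths: Jetstream's default serialization of the team's
# relations. Adjust to the prop names the application really emits.
SENSITIVE_PATHS = ("team.team_invitations", "team.users")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def extract_props(body):
    """Props from an Inertia first-load HTML page or an X-Inertia JSON body."""
    match = re.search(r'data-page="([^"]*)"', body)
    page = json.loads(html.unescape(match.group(1)) if match else body)
    return page.get("props", {})

def dig(obj, dotted):
    """Follow a dotted path through nested dicts; None if any key is absent."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def leaked_emails(body, viewer_email):
    """Map each sensitive prop path to the addresses it exposes to the viewer."""
    findings = {}
    for path in SENSITIVE_PATHS:
        value = dig(extract_props(body), path)
        found = set(EMAIL_RE.findall(json.dumps(value))) - {viewer_email}
        if found:
            findings[path] = sorted(found)
    return findings

def render(props):
    """Constructed stand-in for the server's first-load HTML response."""
    page = {"component": "Teams/Show", "props": props, "url": "/teams/1"}
    return '<div id="app" data-page="%s"></div>' % html.escape(json.dumps(page))

# Constructed sample data: what a low-privileged member receives.
VIEWER = "employee@example.test"
BEFORE = render({"team": {"id": 1, "name": "Acme",
    "users": [{"email": VIEWER}, {"email": "owner@example.test"}],
    "team_invitations": [{"email": "invitee@example.test"}]}})
AFTER = render({"team": {"id": 1, "name": "Acme"}})

if __name__ == "__main__":
    print(leaked_emails(BEFORE, VIEWER))  # both paths flagged
    print(leaked_emails(AFTER, VIEWER))   # {}
```

Run against responses captured for each role in a feature test, an empty result for roles that may not manage members is the pass condition.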