CVE-2026-42267 | Kimai up to 2.53.x /api/tags ArrayFormatter.formatValue csv injection

A vulnerability labeled as critical has been found in Kimai up to 2.53.x. The affected element is the function ArrayFormatter.formatValue of the file /api/tags. Such manipulation leads to csv injection.

This vulnerability is traded as CVE-2026-42267. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More