CVE-2026-25560 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP searc…
High CVSS: 8.7

CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication.
Vendor
Wekan Project
Product
Wekan
CWE
CWE-90
Yayın Tarihi
2026-02-07 22:16:01
Güncelleme
2026-02-10 22:03:03
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-90 Wekan HIGH Wekan Project 2026

Referanslar

https://github.com/wekan/wekan/commit/0b0e16c3eae28bbf453d33a81a9c58ce7db6d5bb https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-ldap-authentication-filter-injection