CVE-2026-25859

High CVSS: 7.1

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.

Vendor

Wekan Project

Product

Wekan

CWE

CWE-863

Yayın Tarihi

2026-02-07 22:16:02

Güncelleme

2026-02-10 21:54:37

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-863 Wekan HIGH Wekan Project 2026

Referanslar

https://github.com/wekan/wekan/commit/cbb1cd78de3e40264a5e047ace0ce27f8635b4e6 https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-migration-functionality-insufficient-permission-checks

Benzer Kayıtlar

Critical

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forg…

Medium

CVE-2026-30845

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication…

High

CVE-2026-30846

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication e…

Critical

CVE-2026-30847

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publicatio…

Critical

CVE-2026-30843

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Ref…

Medium

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/public…