CVE-2026-1892

Name of the Vulnerable Software and Affected Versions Wekan versions up to 8.20

Description A security issue has been identified in Wekan related to improper authorization. This occurs due to manipulation of the item.cardId, item.checklistId, or card.boardId arguments within the setBoardOrgs function located in the models/boards.js file of the REST API component. The attack can be launched remotely and is considered difficult to exploit due to its high complexity.

Recommendations Upgrade to version 8.21 to resolve this issue.