PT-2026-6072 · Wekan · Wekan
Joshua Rogers
+2
·
Published
2026-02-04
·
Updated
2026-02-04
·
CVE-2026-1892
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Wekan versions up to 8.20
Description
A security issue has been identified in Wekan related to improper authorization. This occurs due to manipulation of the
item.cardId, item.checklistId, or card.boardId arguments within the setBoardOrgs function located in the models/boards.js file of the REST API component. The attack can be launched remotely and is considered difficult to exploit due to its high complexity.Recommendations
Upgrade to version 8.21 to resolve this issue.
Fix
Improper Authorization
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wekan