PT-2026-6075 · Wekan · Wekan

Megamansec

Published

2026-02-04

Updated

2026-02-05

CVE-2026-1896

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.21

Description A flaw exists in WeKan that allows for improper access controls. This is due to the manipulation of the boardId argument within the ComprehensiveBoardMigration function located in the file server/migrations/comprehensiveBoardMigration.js of the Migration Operation Handler component. The issue is potentially exploitable remotely.

Recommendations Upgrade to version 8.21 or later to address this issue.

Fix

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

CVE-2026-1896

Affected Products

Wekan

PT-2026-6075 · Wekan · Wekan

CVE-2026-1896

Weakness Enumeration

Related Identifiers

Affected Products

References · 11