PT-2026-6630 · Wekan · Wekan
Megamansec
·
Published
2026-02-05
·
Updated
2026-02-05
·
CVE-2026-1962
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WeKan versions up to 8.20
Description
A flaw exists in WeKan that relates to improper access controls. The issue is located in an unknown function within the
server/attachmentMigration.js file of the Attachment Migration component. This issue can be exploited remotely.Recommendations
Upgrade to version 8.21 to resolve this issue.
Fix
Improper Access Control
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wekan