PT-2026-6631 · Wekan · Wekan
Megamansec
·
Published
2026-02-05
·
Updated
2026-03-06
·
CVE-2026-1963
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WeKan versions up to 8.20
Description
A flaw exists in WeKan that relates to improper access controls within the Attachment Storage component. The issue is located in the file
models/attachments.js and impacts an unknown function. This manipulation can be initiated remotely. Upgrading to version 8.21 resolves this issue. The patch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d.Recommendations
Upgrade to WeKan version 8.21.
Upgrade the affected component.
Fix
Incorrect Privilege Assignment
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wekan