PT-2026-6923 · Wekan · Wekan
Joshua Rogers · Published 2026-02-07 · Updated 2026-02-08 · CVE-2026-25560
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WeKan versions prior to 8.19
Description
The software contains an LDAP filter injection issue in LDAP authentication. User-supplied input from the username is used in LDAP search filters and DN-related values without proper escaping. This allows manipulation of LDAP queries during authentication.
Recommendations
Update to version 8.19 or later.
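For code that builds LDAP queries from a login name, the general mitigation for the issue described above is to escape the value separately for each context: RFC 4515 rules for search filters, RFC 4514 rules for DN values. The following is an added example, not WeKan's code or its patch; the function names, the `uid` attribute, the base DN and the sample inputs are assumptions.

```javascript
// Added example, not WeKan's code. The `uid` attribute, base DN, function
// names and sample inputs are assumptions made for illustration.

// RFC 4515: in a search-filter value, encode \ * ( ) and NUL as \XX hex.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (c) =>
    '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// RFC 4514: in a DN attribute value, backslash-escape the special characters,
// a leading space or '#', a trailing space, and encode NUL as \00.
function escapeDnValue(value) {
  const s = String(value);
  return s.split('').map((c, i) => {
    if (c === '\0') return '\\00';
    const edgeSpace = c === ' ' && (i === 0 || i === s.length - 1);
    const leadingHash = c === '#' && i === 0;
    return /[\\,+"<>;=]/.test(c) || edgeSpace || leadingHash ? '\\' + c : c;
  }).join('');
}

// The username only ever enters the filter as an escaped value.
function buildUserFilter(username) {
  return `(&(objectClass=person)(uid=${escapeFilterValue(username)}))`;
}

// The username only ever enters the DN as an escaped RDN value.
function buildUserDn(username, baseDn) {
  return `uid=${escapeDnValue(username)},${baseDn}`;
}

// Constructed inputs containing filter and DN metacharacters.
console.log(buildUserFilter('jo*(hn)\\'));
console.log(buildUserDn('doe, j', 'ou=people,dc=example,dc=org'));
```

The two escapers are not interchangeable: a value escaped for a filter is not safe inside a DN, and the reverse also holds.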
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Wekan