PT-2026-6928 · Wekan · Wekan

Joshua Rogers · Published 2026-02-07 · Updated 2026-02-08 · CVE-2026-25565

CVSS v4.0: 7.1 High

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19

Description: WeKan contains an authorization issue in certain card update API paths. These paths only validate read access to a board instead of requiring write permission. This allows users with read-only roles to perform card updates that should require write access. The affected API paths are not explicitly named, but involve card updates.

Recommendations: Update WeKan to version 8.19 or later.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-25565

Affected Products

Wekan