PT-2026-6929 · Wekan · Wekan
Joshua Rogers
·
Published
2026-02-07
·
Updated
2026-02-18
·
CVE-2026-25566
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WeKan versions prior to 8.19
Description
An authorization issue exists in the card move logic of the software. A user can define a destination board, list, or swimlane without sufficient authorization verification for the destination. The system also fails to confirm that destination objects are part of the intended board, potentially allowing unauthorized card movements between boards.
Recommendations
Update to version 8.19 or later.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wekan