PT-2026-6931 · Wekan · Wekan

Joshua Rogers · Published 2026-02-07 · Updated 2026-02-10 · CVE-2026-25568

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

WeKan versions prior to 8.19

Description

An authorization issue exists in WeKan where the allowPrivateOnly instance configuration setting is not fully enforced during board creation. When allowPrivateOnly is enabled, users are still able to create public boards because of incomplete server-side checks. The vulnerability relates to insufficient enforcement of access controls during board creation, potentially allowing unauthorized access to board content.

Recommendations

Update WeKan to version 8.19 or later.
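
The kind of server-side check the description says was incomplete, shown as an added JavaScript example that is not WeKan's code and not part of the advisory. The handler names, the `permission` field with values `public` and `private`, and the sample boards are assumptions constructed for illustration; the block contrasts a creation handler that trusts the request with one that enforces `allowPrivateOnly`, and adds an audit for boards that contradict the setting.

```javascript
// Added illustration with hypothetical names; this is not WeKan's source.
// Assumed board shape: { title, owner, permission: 'public' | 'private' }.
class ForbiddenError extends Error {}

// Incomplete check: the handler stores whatever visibility the request
// carries, so the instance setting only holds if the client cooperates.
function createBoardUnchecked(store, userId, input) {
  const board = { title: input.title, owner: userId,
                  permission: input.permission || 'private' };
  store.push(board);
  return board;
}

// Enforced on the server for every creation request, before the write.
function createBoardEnforced(store, userId, input, settings) {
  const permission = input.permission === undefined ? 'private' : input.permission;
  if (permission !== 'public' && permission !== 'private') {
    throw new ForbiddenError('unknown board visibility');
  }
  if (settings.allowPrivateOnly && permission !== 'private') {
    throw new ForbiddenError('instance allows private boards only');
  }
  const board = { title: input.title, owner: userId, permission };
  store.push(board);
  return board;
}

// Audit: boards whose visibility contradicts the current instance setting.
function findPolicyViolations(store, settings) {
  return settings.allowPrivateOnly ? store.filter((b) => b.permission !== 'private') : [];
}

// Constructed sample run: one instance setting, two requests per handler.
function demo() {
  const settings = { allowPrivateOnly: true };
  const legacy = [], fixed = [];
  createBoardUnchecked(legacy, 'u1', { title: 'Roadmap', permission: 'public' });
  createBoardUnchecked(legacy, 'u1', { title: 'Notes' });
  let rejected = false;
  try {
    createBoardEnforced(fixed, 'u1', { title: 'Roadmap', permission: 'public' }, settings);
  } catch (e) {
    rejected = e instanceof ForbiddenError;
  }
  createBoardEnforced(fixed, 'u1', { title: 'Notes' }, settings);
  return { rejected, legacyViolations: findPolicyViolations(legacy, settings),
           fixedViolations: findPolicyViolations(fixed, settings) };
}
```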

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-25568

Affected Products

Wekan