PT-2026-6944 · Wekan · Wekan
Megamansec
·
Published
2026-02-08
·
Updated
2026-02-08
·
CVE-2026-2205
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Wekan versions up to 8.20
Description
A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the
server/publications/cards.js file within the Meteor Publication Handler component. The attack can be initiated remotely.Recommendations
Upgrade to version 8.21 to resolve this issue.
Fix
Improper Access Control
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wekan