PT-2026-6945 · Wekan · Wekan
Megamansec
·
Published
2026-02-08
·
Updated
2026-02-08
·
CVE-2026-2206
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WeKan versions prior to 8.21
Description
A security flaw exists in WeKan up to version 8.20. The issue affects unknown code within the
server/methods/fixDuplicateLists.js file of the Administrative Repair Handler component, leading to improper access controls. This allows for remote exploitation.Recommendations
Upgrade to version 8.21 to resolve the issue.
Fix
Improper Access Control
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wekan