PT-2026-6948 · Wekan · Wekan
Megamansec
·
Published
2026-02-08
·
Updated
2026-02-08
·
CVE-2026-2209
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Wekan versions prior to 8.19
Description
A flaw exists in Wekan that allows for improper authorization. This issue is related to the
setCreateTranslation function within the client/components/settings/translationBody.js file of the Custom Translation Handler component. The attack can be initiated remotely.Recommendations
Upgrade to version 8.19 or later.
Upgrade the affected component.
Fix
Improper Authorization
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wekan