CVE-2026-1964

Summary

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
n/aWeKan8.0affected
n/aWeKan8.1affected
n/aWeKan8.2affected
n/aWeKan8.3affected
n/aWeKan8.4affected
n/aWeKan8.5affected
n/aWeKan8.6affected
n/aWeKan8.7affected
n/aWeKan8.8affected
n/aWeKan8.9affected
n/aWeKan8.10affected
n/aWeKan8.11affected
n/aWeKan8.12affected
n/aWeKan8.13affected
n/aWeKan8.14affected
n/aWeKan8.15affected
n/aWeKan8.16affected
n/aWeKan8.17affected
n/aWeKan8.18affected
n/aWeKan8.19affected
n/aWeKan8.20affected
n/aWeKan8.21unaffected

Weaknesses

  • CWE-284: Improper Access Controls
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References