CVE-2026-1962

Sažetak

A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufficient to resolve this issue. The identifier of the patch is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected component.

Reference

https://github.com/wekan/wekan/
https://github.com/wekan/wekan/commit/053bf1dfb76ef230db162c64a6ed50ebedf67eee
https://github.com/wekan/wekan/releases/tag/v8.21
https://vuldb.com/?ctiid.344484
https://vuldb.com/?id.344484
https://vuldb.com/?submit.742677

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-02-2026 - 21:15

Objavljeno

05-02-2026 - 21:15