CVE-2026-1964

Sažetak

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.

Reference

https://github.com/wekan/wekan/
https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6e
https://github.com/wekan/wekan/releases/tag/v8.21
https://vuldb.com/?ctiid.344486
https://vuldb.com/?id.344486
https://vuldb.com/?submit.742680

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

12-02-2026 - 17:29

Objavljeno

05-02-2026 - 22:15