CVE-2026-25563

Sažetak

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers.

Reference

https://github.com/wekan/wekan/commit/5cd875813fdec5a3c40a0358b30a347967c85c14
https://wekan.fi/
https://www.vulncheck.com/advisories/wekan-checklist-creation-cross-board-idor

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

07-02-2026 - 22:16

Objavljeno

07-02-2026 - 22:16