Improper Access Control in WeKan Affects Attachment Storage Component
CVE-2026-1963

5.3MEDIUM

Key Information:

Vendor

WeKan

Status
Wekan
Vendor
CVE Published:
5 February 2026

What is CVE-2026-1963?

A flaw has been discovered in WeKan's Attachment Storage component, specifically within the models/attachments.js file, which leads to improper access control. This vulnerability allows unauthorized actors to remotely exploit the component, potentially leading to unauthorized access to sensitive data. Users are strongly recommended to upgrade to version 8.21 or higher, where this issue has been effectively addressed through an important patch. To ensure your system's integrity, apply the necessary updates promptly.

Affected Version(s)

WeKan 8.0

WeKan 8.1

WeKan 8.2

References

https://vuldb.com/?id.344485
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344485
signaturepermissions-required
https://vuldb.com/?submit.742678
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MegaManSec (VulDB User)
.