Improper Access Control in WeKan REST Endpoint
CVE-2026-1964

5.3MEDIUM

Key Information:

Vendor

WeKan

Status
Wekan
Vendor
CVE Published:
5 February 2026

What is CVE-2026-1964?

A vulnerability found in WeKan versions up to 8.20 affects the REST Endpoint due to improper access controls, specifically in the models/boards.js file. This flaw enables remote exploitation, potentially allowing unauthorized access to sensitive components. Users are strongly advised to upgrade to version 8.21, which addresses the issue by applying necessary security patches.

Affected Version(s)

WeKan 8.0

WeKan 8.1

WeKan 8.2

References

https://vuldb.com/?id.344486
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344486
signaturepermissions-required
https://vuldb.com/?submit.742680
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MegaManSec (VulDB User)
.