Information Disclosure Vulnerability in WeKan by WeKan
CVE-2026-2205

5.3MEDIUM

Key Information:

Vendor

WeKan

Status
Wekan
Vendor
CVE Published:
8 February 2026

What is CVE-2026-2205?

A vulnerability exists in WeKan versions prior to 8.21 that affects the Meteor Publication Handler component. This flaw allows attackers to exploit the server/publications/cards.js file to disclose sensitive information. The attack can be conducted remotely, making it crucial for users to upgrade to version 8.21 or later to secure their installations. The patch necessary for mitigation is identified by the commit hash 0f5a9c38778ca550cbab6c5093470e1e90cb837f.

Affected Version(s)

WeKan 8.0

WeKan 8.1

WeKan 8.2

References

https://vuldb.com/?id.344919
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344919
signaturepermissions-required
https://vuldb.com/?submit.752161
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MegaManSec (VulDB User)
.