Information Disclosure Vulnerability in WeKan Activity Publication Handler
CVE-2026-2207

6.9MEDIUM

Key Information:

Vendor

WeKan

Status
Wekan
Vendor
CVE Published:
8 February 2026

What is CVE-2026-2207?

A vulnerability has been identified in WeKan versions up to 8.20, specifically affecting the Activity Publication Handler through its handling of the activities.js file. This weakness allows for potential information disclosure due to inadequate authorization filtering. Attackers can exploit this vulnerability remotely, exposing sensitive information. It is crucial for users to upgrade to version 8.21, which includes a patch (commit 91a936e07d2976d4246dfe834281c3aaa87f9503) to remediate this issue.

Affected Version(s)

WeKan 8.0

WeKan 8.1

WeKan 8.2

References

https://vuldb.com/?id.344921
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344921
signaturepermissions-required
https://vuldb.com/?submit.752163
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MegaManSec (VulDB User)
.