Missing Authorization Vulnerability in WeKan by WeKan
CVE-2026-2208

5.3MEDIUM

Key Information:

Vendor

WeKan

Status
Wekan
Vendor
CVE Published:
8 February 2026

What is CVE-2026-2208?

A vulnerability has been identified in WeKan versions up to 8.20, specifically affecting the Rules Handler component. This flaw allows unauthorized access due to missing authorization checks in the file server/publications/rules.js, facilitating potential remote attacks. It is crucial for users to upgrade to version 8.21 or later, which addresses this security issue with the patch identified by commit a787bcddf33ca28afb13ff5ea9a4cb92dceac005. Immediate action is recommended to safeguard against possible exploitation.

Affected Version(s)

WeKan 8.0

WeKan 8.1

WeKan 8.2

References

https://vuldb.com/?id.344922
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344922
signaturepermissions-required
https://vuldb.com/?submit.752164
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MegaManSec (VulDB User)
.