Improper Authorization in WeKan Custom Translation Handler
CVE-2026-2209

5.3MEDIUM

Key Information:

Vendor

WeKan

Status
Wekan
Vendor
CVE Published:
8 February 2026

What is CVE-2026-2209?

A security flaw in WeKan versions up to 8.18 allows for improper authorization due to a vulnerability in the Custom Translation Handler's setCreateTranslation function. This issue can be exploited remotely, potentially allowing unauthorized users to modify custom translations. Users are advised to upgrade to version 8.19, which includes the necessary patch identified as f244a43771f6ebf40218b83b9f46dba6b940d7de, to mitigate this risk.

Affected Version(s)

WeKan 8.0

WeKan 8.1

WeKan 8.2

References

https://vuldb.com/?id.344923
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344923
signaturepermissions-required
https://vuldb.com/?submit.752269
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MegaManSec (VulDB User)
.