Information Disclosure Vulnerability in WeKan by WeKan
CVE-2026-25562

5.3MEDIUM

Key Information:

Vendor: Wekan
Status: Wekan
Vendor: CVE Published:; 7 February 2026

What is CVE-2026-25562?

WeKan versions earlier than 8.19 have a vulnerability that allows unauthorized exposure of attachment metadata. This occurs during the publication of attachment data, where the system does not properly scope results to the specific boards and cards accessible by the user. As a result, sensitive information may become available to users who should not have access to it. To mitigate this issue, it's crucial for users to upgrade to version 8.19 or later.

Affected Version(s)

WeKan 0 < 8.19

References

https://github.com/wekan/wekan/commit/6dfa3beb2b6ab23438d...

patch

https://wekan.fi/

product

https://www.vulncheck.com/advisories/wekan-attachments-pu...

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2026
Vulnerability Reserved
Feb 2, 2026

Credit

Joshua Rogers

CVE-2026-25562 Data

JSON

Wekan

What is CVE-2026-25562?

Affected Version(s)

References

CVSS V4

Timeline

Credit