Insufficient Permission Checks in Wekan Allow Unauthorized Migration Access
CVE-2026-25859

7.1HIGH

Key Information:

Vendor

Wekan

Status
Wekan
Vendor
CVE Published:
7 February 2026

What is CVE-2026-25859?

Wekan versions prior to 8.20 are susceptible to a vulnerability that allows non-administrative users to exploit the migration functionality. This occurs due to inadequate permission checks in place, potentially enabling unauthorized users to perform migration operations that could compromise data integrity and operational security. It is crucial for users of Wekan to update to the latest version to safeguard against these types of unauthorized access.

Affected Version(s)

WeKan 0 < 8.20

References

https://github.com/wekan/wekan/commit/cbb1cd78de3e40264a5...
patch
https://wekan.fi/
product
https://www.vulncheck.com/advisories/wekan-migration-func...
third-party-advisory

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joshua Rogers
.