OIDC Security Risk in Wekan Kanban Software from Wekan Inc.
CVE-2026-53444

7.6HIGH

Key Information:

Vendor

Wekan

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-53444?

Wekan, an open-source kanban software built with the Meteor framework, has a significant security vulnerability in its OIDC-related methods. Prior to version 9.32, specific Meteor methods within the OIDC package were callable without the necessary admin authorization checks. This allowed authenticated users to create or modify organizations and teams, and could potentially grant global admin privileges if certain conditions were met. The issue has been addressed in version 9.32, prompting users to upgrade to ensure the integrity of their applications.

Affected Version(s)

wekan < 9.32

References

CVSS V4

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.