OIDC Security Risk in Wekan Kanban Software from Wekan Inc.
CVE-2026-53444
7.6HIGH
What is CVE-2026-53444?
Wekan, an open-source kanban software built with the Meteor framework, has a significant security vulnerability in its OIDC-related methods. Prior to version 9.32, specific Meteor methods within the OIDC package were callable without the necessary admin authorization checks. This allowed authenticated users to create or modify organizations and teams, and could potentially grant global admin privileges if certain conditions were met. The issue has been addressed in version 9.32, prompting users to upgrade to ensure the integrity of their applications.
Affected Version(s)
wekan < 9.32
