Access Control Flaw in Wekan Kanban by Wekan Inc.
CVE-2026-53445
7.1HIGH
What is CVE-2026-53445?
In Wekan, an open-source kanban board application, an access control vulnerability exists where the copyBoard method allows any authenticated user to copy private boards they do not belong to. This flaw occurs because the method does not verify the requester’s user ID or their membership role within the board, thus potentially exposing sensitive board contents, including cards, checklists, custom fields, labels, and rules. The issue was rectified in version 9.32, which introduced checks to restrict access appropriately.
Affected Version(s)
wekan < 9.32
