Access Control Flaw in Wekan Kanban by Wekan Inc.
CVE-2026-53445

7.1HIGH

Key Information:

Vendor

Wekan

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-53445?

In Wekan, an open-source kanban board application, an access control vulnerability exists where the copyBoard method allows any authenticated user to copy private boards they do not belong to. This flaw occurs because the method does not verify the requester’s user ID or their membership role within the board, thus potentially exposing sensitive board contents, including cards, checklists, custom fields, labels, and rules. The issue was rectified in version 9.32, which introduced checks to restrict access appropriately.

Affected Version(s)

wekan < 9.32

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.