CVE-2026-1892

LOW EPSS 15.2%
Published Feb 4, 20264mo ago · Modified Jun 17, 20261w ago
2.3 CVSS 4.0
Low
Find Similar
Published Feb 4, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. Upgrading to version 8.21 mitigates this issue. The name of the patch is cabfeed9a68e21c469bf206d8655941444b9912c. It is suggested to upgrade the affected component.

CVSS Details

Base Score
2.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
15.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-266
CWE-285

Affected Products 1

VendorProductVersionRange
wekan_projectwekan* <8.21

References 6

  • github.com https://github.com/wekan/wekan/
    Product
  • github.com https://github.com/wekan/wekan/commit/cabfeed9a68e21c469bf206d8655941444b9912c
    Patch
  • github.com https://github.com/wekan/wekan/releases/tag/v8.21
    Release Notes
  • vuldb.com https://vuldb.com/?ctiid.344265
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.344265
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.742662
    Third Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/wekan/wekan/commit/cabfeed9a68e21c469bf206d8655941444b9912c
    Patch