CVE-2026-1964

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.

Vulnerability Details

Published Date

February 05, 2026

Last Modified

February 12, 2026

CWE ID

CWE-266

Source

NVD

Vendor

wekan_project

Product

wekan

External References

https://github.com/wekan/wekan/
https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6e
https://github.com/wekan/wekan/releases/tag/v8.21
https://vuldb.com/?ctiid.344486
https://vuldb.com/?id.344486
https://vuldb.com/?submit.742680

CVE-2026-1964

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment