CVE-2026-41454

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L                                    

Vulnerability Description

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations, modify or delete existing integrations, and manage integration activities by exploiting insufficient authorization checks in the JsonRoutes REST handlers.

Vulnerability Details

Published Date

April 22, 2026

Last Modified

April 22, 2026

CWE ID

CWE-862

Source

NVD

Vendor

wekan

Product

wekan

External References

https://github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4
https://github.com/wekan/wekan/releases/tag/v8.35
https://www.vulncheck.com/advisories/wekan-missing-authorization-via-integration-rest-api

CVE-2026-41454

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment