CNNVD-202602-1085 Information

CNNVD ID

CNNVD-202602-1085

CVE-2026-25568

  • CNNVD Published: 2026-02-07

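Description (translated from Chinese)

WeKan is an open-source kanban board application from WeKan. Versions of WeKan prior to 8.19 contain a security vulnerability: the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation. When allowPrivateOnly is enabled, users may still be able to create public boards because server-side enforcement is incomplete.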

Description (English)

WeKan is an open-source kanban board application from WeKan. A security vulnerability exists in versions of WeKan before 8.19. It stems from the instance configuration setting allowPrivateOnly not being fully enforced when a board is created: when the setting is enabled, a user could still create a public board because the server-side enforcement was incomplete.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

WeKan

Published

2026-02-07

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/wekan-allowprivateonly-setting-enforcement-bypass
  • https://github.com/wekan/wekan/commit/7ed76c180ede46ab1dac6b8ad27e9128a272c2c8
  • https://wekan.fi/
  • https://access.redhat.com/security/cve/cve-2026-25568

Patch

https://github.com/wekan/wekan/releases
