CNNVD-202602-1087 Information
CNNVD ID
CNNVD-202602-1087
Related CVE
- CNNVD Published: 2026-02-07
Description (Chinese)
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.19之前版本存在安全漏洞,该漏洞源于卡片移动逻辑中,用户可在未对目标进行充分授权检查且未验证目标对象属于目标看板的情况下指定目标看板、列表或泳道,可能导致未经授权的跨看板移动。
Description (English)
Wekan is a panel application from WeKan Open Source. The previous version of WeKan 8.19 had a security loophole, which originated in the mobile logic of the card, where the user could designate target viewers, lists or swimming lanes without a fully authorized inspection of the target and without verifying that the target was a target viewer, which could lead to unauthorized cross-watch movement.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WeKan
Published
2026-02-07
Last Modified
2026-02-24
References
https://github.com/wekan/wekan/commit/198509e7600981400353aec6259247b3c04e043e https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-cross-board-card-move-without-destination-authorization https://access.redhat.com/security/cve/cve-2026-25566
Patch
https://github.com/wekan/wekan/releases
Share on: