CNNVD-202602-1088 Information
CNNVD ID
CNNVD-202602-1088
Related CVE
- CNNVD Published: 2026-02-07
Description
WeKan is an open-source kanban board application from WeKan. Versions of WeKan before 8.19 contain a security vulnerability: certain card update API paths validate only board read permission instead of requiring write permission, which may allow users with read-only roles to perform card updates that require write permission.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
WeKan
Published
2026-02-07
Last Modified
2026-02-24
References
https://wekan.fi/
https://www.vulncheck.com/advisories/wekan-read-only-board-roles-can-update-cards
https://github.com/wekan/wekan/commit/181f837d8cbae96bdf9dcbd31beaa3653c2c0285
https://access.redhat.com/security/cve/cve-2026-25565
Patch
https://github.com/wekan/wekan/releases