CNNVD-202602-1089 Information

CNNVD ID

CNNVD-202602-1089

CVE-2026-25564

  • CNNVD Published: 2026-02-07

Description (Chinese)

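WeKan is an open-source kanban board application from WeKan. Versions of WeKan prior to 8.19 contain a security vulnerability: checklist creation and the related checklist routes do not verify that the supplied cardId belongs to the supplied boardId, which may allow cross-board ID tampering by manipulating identifiers.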

Description (English)

WeKan is an open-source kanban board application from WeKan. WeKan versions prior to 8.19 contain a security vulnerability in checklist creation and the related checklist routes, which do not validate that the supplied cardId belongs to the supplied boardId. This could allow cross-board ID tampering through manipulated identifiers.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

WeKan

Published

2026-02-07

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/wekan-checklist-deletion-idor-via-missing-relationship-validation
  • https://wekan.fi/
  • https://github.com/wekan/wekan/commit/08a6f084eba09487743a7c807fb4a9000fcfa9ac
  • https://access.redhat.com/security/cve/cve-2026-25564

Patch

https://github.com/wekan/wekan/releases
