CNNVD-202602-1092 Information
CNNVD ID
CNNVD-202602-1092
Related CVE
- CNNVD Published: 2026-02-07
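Description (translated from Chinese)
WeKan is an open-source kanban application from WeKan. WeKan versions before 8.19 contain a security vulnerability that stems from the card comment creation API accepting an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier.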
Description (English)
WeKan is an open-source kanban board application. Versions of WeKan before 8.19 have a security vulnerability: the card comment creation API accepts the authorId from the request body, so an authenticated user can falsify the recorded author of a comment by supplying another user's identifier.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
WeKan
Published
2026-02-07
Last Modified
2026-02-24
References
https://github.com/wekan/wekan/commit/67cb47173c1a152d9eaf5469740992b2dacdf62d
https://wekan.fi/
https://www.vulncheck.com/advisories/wekan-card-comment-author-spoofing-via-user-controlled-authorid
https://access.redhat.com/security/cve/cve-2026-25567
Patch
https://github.com/wekan/wekan/releases