CNNVD-202602-1093 Information
CNNVD ID
CNNVD-202602-1093
Related CVE
- CNNVD Published: 2026-02-07
Description
WeKan is an open-source kanban application from WeKan. Versions of WeKan prior to 8.19 contain an injection vulnerability: in LDAP authentication, the user-supplied username is incorporated into LDAP search filters and DN-related values without adequate escaping, which may lead to LDAP filter injection attacks.
Hazard Level
High
Vulnerability Type
Injection
Affected Vendor
WeKan
Published
2026-02-07
Last Modified
2026-02-24
References
https://github.com/wekan/wekan/commit/0b0e16c3eae28bbf453d33a81a9c58ce7db6d5bb
https://wekan.fi/
https://www.vulncheck.com/advisories/wekan-ldap-authentication-filter-injection
https://access.redhat.com/security/cve/cve-2026-25560
Patch
https://github.com/wekan/wekan/releases