CNNVD-202602-1094 Information
CNNVD ID
CNNVD-202602-1094
Related CVE
- CNNVD Published: 2026-02-07
Description (Chinese)
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.19之前版本存在安全漏洞,该漏洞源于清单创建及相关清单路由中未验证提供的cardId属于提供的boardId,可能导致通过操纵标识符进行跨看板ID篡改。
Description (English)
Wekan is a panel application from WeKan Open Source. There was a security loophole in the previous version of WeKan 8.19, which originated from the creation of the List and the unverified nature of the cardId provided in the route of the related list, which could lead to the manipulation of cross-watch ID by manipulating the identifier.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WeKan
Published
2026-02-07
Last Modified
2026-02-24
References
https://github.com/wekan/wekan/commit/5cd875813fdec5a3c40a0358b30a347967c85c14 https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-checklist-creation-cross-board-idor https://access.redhat.com/security/cve/cve-2026-25563
Patch
https://github.com/wekan/wekan/releases
Share on: