CNNVD-202602-553 Information

CNNVD ID

CNNVD-202602-553

Related CVE

CVE-2026-1892

• CNNVD Published: 2026-02-04

Description (Chinese)

WeKan是WeKan开源的一个看板应用程序。 WeKan 8.20及之前版本存在授权问题漏洞，该漏洞源于对参数item.cardId/item.checklistId/card.boardId的操作导致授权不当。

Description (English)

Wekan is a panel application from WeKan Open Source. Wekan 8.20 and previous versions have a mandate gap, which stems from the inappropriate authorization resulting from the operation of the parameter item.cardId/item.checklistId/card.boardId.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

WeKan

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/wekan/wekan/ https://github.com/wekan/wekan/commit/cabfeed9a68e21c469bf206d8655941444b9912c https://github.com/wekan/wekan/releases/tag/v8.21 https://vuldb.com/?ctiid.344265 https://vuldb.com/?id.344265 https://vuldb.com/?submit.742662

Patch

https://github.com/wekan/wekan/releases