CNNVD-202602-771 Information

CNNVD ID

CNNVD-202602-771

Related CVE

CVE-2026-1963

• CNNVD Published: 2026-02-05

Description (Chinese)

WeKan是WeKan开源的一个看板应用程序。 WeKan 8.20及之前版本存在访问控制错误漏洞，该漏洞源于组件Attachment Storage中文件models/attachments.js的未知函数存在访问控制不当，可能导致远程攻击。

Description (English)

Wekan is a panel application from WeKan Open Source. Wekan 8.20 and previous versions have access control bugs that stem from inappropriate access controls in the unknown function of document Models/attachments.js in component Attachment Service, which may lead to a remote attack.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

WeKan

Published

2026-02-05

Last Modified

2026-02-24

References

https://github.com/wekan/wekan/ https://github.com/wekan/wekan/commit/c413a7e860bc4d93fe2adcf82516228570bf382d https://github.com/wekan/wekan/releases/tag/v8.21 https://vuldb.com/?ctiid.344485 https://vuldb.com/?id.344485 https://vuldb.com/?submit.742678

Patch

https://github.com/wekan/wekan/releases