CNNVD-202602-876 Information

CNNVD ID

CNNVD-202602-876

Related CVE

CVE-2026-1898

• CNNVD Published: 2026-02-05

Description (Chinese)

WeKan是WeKan开源的一个看板应用程序。 WeKan 8.20及之前版本存在访问控制错误漏洞，该漏洞源于对文件packages/wekan-ldap/server/syncUser.js中未知部分的操作导致访问控制不当。

Description (English)

Wekan is a panel application from WeKan Open Source. Wekan 8.20 and previous versions have access control bugs, which stem from inappropriate access controls resulting from the operation of unknown parts of documents packages/wekan-ldap/server/syncUser.js.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

WeKan

Published

2026-02-05

Last Modified

2026-02-24

References

https://github.com/wekan/wekan/ https://github.com/wekan/wekan/commit/146905a459106b5d00b4f09453a6554255e6965a https://github.com/wekan/wekan/releases/tag/v8.21 https://vuldb.com/?ctiid.344270 https://vuldb.com/?id.344270 https://vuldb.com/?submit.742676

Patch

https://github.com/wekan/wekan/releases