CVE-2026-1962
WeKan Attachment Migration attachmentMigration.js AttachmentMigrationBleed access control
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufficient to resolve this issue. The identifier of the patch is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected component.
| CWE | CWE-284 CWE-266 |
| Vendor | n/a |
| Product | wekan |
| Published | Feb 5, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a wekan
Be the first to know when new medium vulnerabilities affecting n/a wekan are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / WeKan
8.0 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 8.10 8.11 8.12 8.13 8.14 8.15 8.16 8.17 8.18 8.19 8.20
References
vuldb.com: https://vuldb.com/?id.344484 vuldb.com: https://vuldb.com/?ctiid.344484 vuldb.com: https://vuldb.com/?submit.742677 github.com: https://github.com/wekan/wekan/commit/053bf1dfb76ef230db162c64a6ed50ebedf67eee github.com: https://github.com/wekan/wekan/releases/tag/v8.21 github.com: https://github.com/wekan/wekan/
Credits
๐ MegaManSec (VulDB User)