CVE-2026-1964
WeKan REST Endpoint boards.js BoardTitleRESTBleed access control
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.
| CWE | CWE-284 CWE-266 |
| Vendor | n/a |
| Product | wekan |
| Published | Feb 5, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a wekan
Be the first to know when new medium vulnerabilities affecting n/a wekan are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / WeKan
8.0 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 8.10 8.11 8.12 8.13 8.14 8.15 8.16 8.17 8.18 8.19 8.20
References
vuldb.com: https://vuldb.com/?id.344486 vuldb.com: https://vuldb.com/?ctiid.344486 vuldb.com: https://vuldb.com/?submit.742680 github.com: https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6e github.com: https://github.com/wekan/wekan/releases/tag/v8.21 github.com: https://github.com/wekan/wekan/
Credits
๐ MegaManSec (VulDB User)