CVE-2026-2209
WeKan Custom Translation translationBody.js setCreateTranslation improper authorization
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.
| CWE | CWE-285 CWE-266 |
| Vendor | n/a |
| Product | wekan |
| Published | Feb 8, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a wekan
Be the first to know when new medium vulnerabilities affecting n/a wekan are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / WeKan
8.0 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 8.10 8.11 8.12 8.13 8.14 8.15 8.16 8.17 8.18
References
vuldb.com: https://vuldb.com/?id.344923 vuldb.com: https://vuldb.com/?ctiid.344923 vuldb.com: https://vuldb.com/?submit.752269 github.com: https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de github.com: https://github.com/wekan/wekan/releases/tag/v8.19 github.com: https://github.com/wekan/wekan/
Credits
๐ MegaManSec (VulDB User)