CVE-2026-1964

MEDIUM

WeKan <8.20 - Info Disclosure

Title source: llm

Description

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.

References (6)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.344486

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.344486

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.742680

[Patch] https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6e

[Product, Release Notes] https://github.com/wekan/wekan/releases/tag/v8.21

[Product] https://github.com/wekan/wekan/

Scores

CVSS v3 4.3

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-284

Status published

Products (1)

wekan_project/wekan < 8.21

Published Feb 05, 2026

Tracked Since Feb 18, 2026