CVE-2026-2209

MEDIUM

Wekan < 8.19 - Improper Authorization

Title source: rule

Description

A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.

References (6)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.344923

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.344923

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.752269

[Patch] https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de

[Product, Release Notes] https://github.com/wekan/wekan/releases/tag/v8.19

[Product] https://github.com/wekan/wekan/

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 14.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

wekan_project/wekan < 8.19

Published Feb 08, 2026

Tracked Since Feb 18, 2026