CVE-2026-2209
MEDIUMWekan < 8.19 - Incorrect Privilege Assignment in Custom Translation Handler
Title source: llmDescription
A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.344923
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.344923
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.752269
Product, Release Notes patch
https://github.com/wekan/wekan/releases/tag/v8.19
Product product
https://github.com/wekan/wekan/
Scores
CVSS v3
6.3
EPSS
0.0019
EPSS Percentile
8.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
CWE-285
Status
published
Products (1)
wekan_project/wekan
< 8.19
Published
Feb 08, 2026
Tracked Since
Feb 18, 2026