CVE-2026-1892
Last modified
CVE-2026-1892 is a low-severity vulnerability rated 2.3/10 on the CVSS scale. A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. Upgrading to version 8.21 mitigates this issue. The name of the patch is cabfeed9a68e21c469bf206d8655941444b9912c. It is suggested to upgrade the affected component.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.21 |
References
- https://github.com/wekan/wekan/releases/tag/v8.21Release Notes
- https://vuldb.com/?ctiid.344265Permissions Required, VDB Entry
- https://vuldb.com/?id.344265Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.742662Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-1892?
How severe is CVE-2026-1892?
How do I fix CVE-2026-1892?
Are you affected by CVE-2026-1892?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST