CVE-2026-1894
CVE-2026-1894 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability was detected in WeKan up to 8.20. It affects an unknown function of the file models/checklistItems.js in the REST API component. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A vulnerability was detected in WeKan up to 8.20. It affects an unknown function of the file models/checklistItems.js in the REST API component. Manipulating the arguments item.cardId, item.checklistId or card.boardId results in improper authorization. The attack can be carried out remotely. Upgrading to version 8.21 fixes this issue. The patch is named 251d49eea94834cf351bb395808f4a56fb4dbb44. Upgrading the affected component is recommended.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.21 |
References
- https://github.com/wekan/wekan/releases/tag/v8.21 (Product, Release Notes)
- https://vuldb.com/?ctiid.344266 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.344266 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.742663 (Third Party Advisory, VDB Entry)
Timeline
- Status: Analyzed
Source: NVD / NIST
