CVE-2026-2205
Last modified
CVE-2026-2205 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to mitigate this issue. The name of the patch is 0f5a9c38778ca550cbab6c5093470e1e90cb837f. Upgrading the affected component is advised.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.21 |
References
- https://github.com/wekan/wekan/releases/tag/v8.21Product, Release Notes
- https://vuldb.com/?ctiid.344919Permissions Required, VDB Entry
- https://vuldb.com/?id.344919Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.752161Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-2205?
How severe is CVE-2026-2205?
How do I fix CVE-2026-2205?
Are you affected by CVE-2026-2205?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST