CVE Catalog

CVE-2026-25562

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

WeKan versions prior to 8.19 have an information disclosure vulnerability in attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing metadata to unauthorized users.

Risk Assessment

The organization risks leakage of attachment metadata, which may reveal sensitive information about stored files even if the user does not have access to the relevant boards or cards.

Recommendation

Update WeKan to version 8.19 or later immediately, which includes a fix that restricts access to attachment metadata based on user permissions.

Original NVD description (English source)

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS