CVE Catalog

CVE-2026-25566

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile - higher than 13% of all known CVEs

Summary

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.

Risk Assessment

The risk involves potential unauthorized movement of cards between boards, which could lead to data confidentiality and integrity breaches, as well as privilege escalation within the organization.

Recommendation

It is recommended to immediately upgrade WeKan to version 8.19 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS