← Zuruck zu CVEs
CVE-2026-25563
HIGH7.5
Beschreibung
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/7/2026
Zuletzt geandert2/10/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
wekan_project:wekan
Schwachen (CWE)
CWE-639
Referenzen
https://github.com/wekan/wekan/commit/5cd875813fdec5a3c40a0358b30a347967c85c14(disclosure@vulncheck.com)
https://wekan.fi/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/wekan-checklist-creation-cross-board-idor(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.