← Back to CVEs

CVE-2026-2208

MEDIUM

4.3

Description

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended to address this issue. The identifier of the patch is a787bcddf33ca28afb13ff5ea9a4cb92dceac005. The affected component should be upgraded.

CVE Details

CVSS v3.1 Score4.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published2/8/2026

Last Modified2/11/2026

Sourcenvd

Honeypot Sightings0

Affected Products

wekan_project:wekan

Weaknesses (CWE)

CWE-862CWE-863CWE-862

References

https://github.com/wekan/wekan/(cna@vuldb.com)

https://github.com/wekan/wekan/commit/a787bcddf33ca28afb13ff5ea9a4cb92dceac005(cna@vuldb.com)

https://github.com/wekan/wekan/releases/tag/v8.21(cna@vuldb.com)

https://vuldb.com/?ctiid.344922(cna@vuldb.com)

https://vuldb.com/?id.344922(cna@vuldb.com)

https://vuldb.com/?submit.752164(cna@vuldb.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.