cvedb.io
CVE-2026-25562
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2026-02-07T22:16:01.627 · Last modified 2026-06-17T10:24:51.530

Summary

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.

Affected products

wekan_project — wekan

Does this affect you?

Add your gear to cvedb and we'll alert you only when wekan_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.