cvedb.io
CVE-2026-25565
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-02-07T22:16:02.043 · Last modified 2026-06-17T10:24:51.890

Summary

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access.

Affected products

wekan_project — wekan

Does this affect you?

Add your gear to cvedb and we'll alert you only when wekan_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.