WeKan — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting WeKan. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41455 | WeKan < 8.35 SSRF via Webhook URL — wekan | CWE-918 | 8.5 | High | 2026-04-22 |
| CVE-2026-41454 | WeKan < 8.35 Missing Authorization via Integration REST API — wekan | CWE-862 | 8.3 | High | 2026-04-22 |
| CVE-2026-30847 | Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens — Wekan | CWE-200 | 6.5 | - | 2026-03-06 |
| CVE-2026-30846 | Wekan Exposes All Global Webhook Integrations through globalwebhooks Publication — Wekan | CWE-306 | 7.5 | - | 2026-03-06 |
| CVE-2026-30845 | Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication — Wekan | CWE-200 | 7.5 | - | 2026-03-06 |
| CVE-2026-30844 | Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading — Wekan | CWE-918 | 9.1 | - | 2026-03-06 |
| CVE-2026-30843 | Wekan has Cross-Board IDOR in Custom Fields Update Endpoints — Wekan | CWE-639 | 6.5 | - | 2026-03-06 |
| CVE-2026-25859 | WeKan < 8.20 Migration Functionality Insufficient Permission Checks — WeKan | CWE-863 | 7.1 (AI) | High (AI) | 2026-02-07 |
| CVE-2026-25568 | WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass — WeKan | CWE-863 | 6.5 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25567 | WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId — WeKan | CWE-639 | 6.5 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25566 | WeKan < 8.19 Cross-board Card Move Without Destination Authorization — WeKan | CWE-863 | 3.3 (AI) | Low (AI) | 2026-02-07 |
| CVE-2026-25565 | WeKan < 8.19 Read-only Board Roles Can Update Cards — WeKan | CWE-863 | 4.3 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25564 | WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation — WeKan | CWE-639 | 6.5 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25563 | WeKan < 8.19 Checklist Creation Cross-Board IDOR — WeKan | CWE-639 | 6.5 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25562 | WeKan < 8.19 Attachments Publication Information Disclosure — WeKan | CWE-203 | 5.3 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25561 | WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass — WeKan | CWE-863 | 7.5 (AI) | High (AI) | 2026-02-07 |
| CVE-2026-25560 | WeKan < 8.19 LDAP Authentication Filter Injection — WeKan | CWE-90 | 7.5 (AI) | High (AI) | 2026-02-07 |

This page lists every published CVE security advisory associated with WeKan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.